bam: Start more strongly checking pointer types in complete_pointers

This just starts with PandaNode, and uses DCAST_INTO_R instead of DCAST to catch bad bams. BamWriter should never produce bam output that will trigger this; I found this with a fuzzer. I'm unsure about the tradeoff between bam loading performance and robustness in the face of bad bams. It certainly makes a lot of sense in debug builds, but we might want to consider a compile flag that forces bam-related asserts always on even in release builds.
2025-10-02 18:03:56 -04:00 · 2018-02-22 04:57:19 -07:00 · 2018-02-22 04:57:19 -07:00 · f8e321d155
commit f8e321d155
parent 293465a516
1 changed files with 10 additions and 4 deletions
--- a/panda/src/pgraph/pandaNode.cxx
+++ b/panda/src/pgraph/pandaNode.cxx
@ -3798,9 +3798,13 @@ complete_pointers(TypedWritable **p_list, BamReader *manager) {
  int pi = CycleData::complete_pointers(p_list, manager);
  // Get the state and transform pointers.
-  _state = DCAST(RenderState, p_list[pi++]);
+  RenderState *state;
-  _transform = DCAST(TransformState, p_list[pi++]);
+  DCAST_INTO_R(state, p_list[pi++], pi);
-  _prev_transform = _transform;
+  _state = state;
  TransformState *transform;
  DCAST_INTO_R(transform, p_list[pi++], pi);
  _prev_transform = _transform = transform;
 /*
 * Finalize these pointers now to decrement their artificially-held reference
@ -3817,7 +3821,9 @@ complete_pointers(TypedWritable **p_list, BamReader *manager) {
  // Get the effects pointer.
-  _effects = DCAST(RenderEffects, p_list[pi++]);
+  RenderEffects *effects;
  DCAST_INTO_R(effects, p_list[pi++], pi);
  _effects = effects;
 /*
 * Finalize these pointers now to decrement their artificially-held reference