From a55fc950da43b17d8f0b2839fa44e4ba33f093ce Mon Sep 17 00:00:00 2001 From: Hannu Koivisto Date: Wed, 21 Aug 2024 03:40:27 +0300 Subject: [PATCH] Fix crash when using box selection with Arch Survey doSelect() loops over document's object vector. It can happen that, within the loop, Gui::Selection().addSelection() gets called and that ends up calling App::Document::addObject() which pushes an object to the vector that the loop is traversing. If the vector is full, its storage is reallocated and this means that later iterations of the loop are using invalid iterators. Thus, one ends up with a bogus obj pointer and there will be a crash within getGroupOfObject(). The problem was observed when using Arch Survey. --- src/Gui/CommandView.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/Gui/CommandView.cpp b/src/Gui/CommandView.cpp index c1e68934e8..52d5519376 100644 --- a/src/Gui/CommandView.cpp +++ b/src/Gui/CommandView.cpp @@ -2925,7 +2925,8 @@ static void doSelect(void* ud, SoEventCallback * cb) Gui::Selection().clearSelection(doc->getName()); } - for(auto obj : doc->getObjects()) { + const std::vector objects = doc->getObjects(); + for(auto obj : objects) { if(App::GeoFeatureGroupExtension::getGroupOfObject(obj)) continue;