From 73a43c9d8acfdb81aa324012bb30cae10c52f186 Mon Sep 17 00:00:00 2001
From: Julian Eisel <julian@blender.org>
Date: Thu, 6 Aug 2020 14:12:23 +0200
Subject: [PATCH] Fix buffer-overflow when drawing Curve Guide objects

Was passing an array of length 3 to `where_on_path()` that expected
length 4.
---
 source/blender/draw/engines/overlay/overlay_extra.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source/blender/draw/engines/overlay/overlay_extra.c b/source/blender/draw/engines/overlay/overlay_extra.c
index 47f05eda58e..0b4d0fcdc11 100644
--- a/source/blender/draw/engines/overlay/overlay_extra.c
+++ b/source/blender/draw/engines/overlay/overlay_extra.c
@@ -547,7 +547,7 @@ static void OVERLAY_forcefield(OVERLAY_ExtraCallBuffers *cb, Object *ob, ViewLay
       if (cu && (cu->flag & CU_PATH) && ob->runtime.curve_cache->path &&
           ob->runtime.curve_cache->path->data) {
         instdata.size_x = instdata.size_y = instdata.size_z = pd->f_strength;
-        float pos[3], tmp[3];
+        float pos[4], tmp[3];
         where_on_path(ob, 0.0f, pos, tmp, NULL, NULL, NULL);
         copy_v3_v3(instdata.pos, ob->obmat[3]);
         translate_m4(instdata.mat, pos[0], pos[1], pos[2]);