From 72c413b4722d20fd80bc2356eb9c53e28a217105 Mon Sep 17 00:00:00 2001
From: m9co <nkolchik@gmail.com>
Date: Mon, 28 Sep 2020 14:32:18 +0300
Subject: [PATCH] Wrong PhysX scene query buffer size

When performing scene query with more requested hits than maximum buffer size, passed buffer size (request.m_maxResults) will be lower than actual buffer size and may cause crashes.
---
 dev/Gems/PhysX/Code/Source/World.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/dev/Gems/PhysX/Code/Source/World.cpp b/dev/Gems/PhysX/Code/Source/World.cpp
index f08e9ea6c5..9b2d8dd00a 100644
--- a/dev/Gems/PhysX/Code/Source/World.cpp
+++ b/dev/Gems/PhysX/Code/Source/World.cpp
@@ -314,7 +314,7 @@ namespace PhysX
             s_raycastBuffer.resize(maxResults);
         }
         // Raycast
-        physx::PxRaycastBuffer castResult(s_raycastBuffer.begin(), aznumeric_cast<physx::PxU32>(request.m_maxResults));
+        physx::PxRaycastBuffer castResult(s_raycastBuffer.begin(), aznumeric_cast<physx::PxU32>(maxResults));
         bool status = false;
         {
             PHYSX_SCENE_READ_LOCK(*m_world);
@@ -408,7 +408,7 @@ namespace PhysX
             }
 
             // Buffer to store results
-            physx::PxSweepBuffer pxResult(s_sweepBuffer.begin(), aznumeric_cast<physx::PxU32>(request.m_maxResults));
+            physx::PxSweepBuffer pxResult(s_sweepBuffer.begin(), aznumeric_cast<physx::PxU32>(maxResults));
 
             bool status = false;
             {
@@ -456,7 +456,7 @@ namespace PhysX
             s_overlapBuffer.resize(maxResults);
         }
         // Buffer to store results
-        physx::PxOverlapBuffer queryHits(s_overlapBuffer.begin(), aznumeric_cast<physx::PxU32>(request.m_maxResults));
+        physx::PxOverlapBuffer queryHits(s_overlapBuffer.begin(), aznumeric_cast<physx::PxU32>(maxResults));
         bool status = false;
         {
             PHYSX_SCENE_READ_LOCK(*m_world);