diff options
author | Campbell Barton <ideasman42@gmail.com> | 2020-03-04 07:12:36 +0300 |
---|---|---|
committer | Campbell Barton <ideasman42@gmail.com> | 2020-03-04 07:17:04 +0300 |
commit | 8931c4b18d5e15366c755346f0c982698f661e6f (patch) | |
tree | 475fb1b501db20e5f8b5bdabce77c2efc54d7e51 | |
parent | 0baae1837548f5617c11da4acd8a282400b2bd62 (diff) |
Fix possible buffer overflow from incorrect 'strncat' use
The size argument is the maximum number of bytes to copy,
not the destination buffer size.
Replace with utility function that joins strings.
-rw-r--r-- | source/blender/render/intern/source/render_result.c | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/source/blender/render/intern/source/render_result.c b/source/blender/render/intern/source/render_result.c index b2225d70eaf..81395399134 100644 --- a/source/blender/render/intern/source/render_result.c +++ b/source/blender/render/intern/source/render_result.c @@ -35,6 +35,7 @@ #include "BLI_path_util.h" #include "BLI_rect.h" #include "BLI_string.h" +#include "BLI_string_utils.h" #include "BLI_threads.h" #include "BKE_appdir.h" @@ -181,26 +182,33 @@ void render_result_views_shallowdelete(RenderResult *rr) static char *set_pass_name(char *outname, const char *name, int channel, const char *chan_id) { - BLI_strncpy(outname, name, EXR_PASS_MAXNAME); + const char *strings[2]; + int strings_len = 0; + strings[strings_len++] = name; + char token[2]; if (channel >= 0) { - char token[3] = {'.', chan_id[channel], '\0'}; - strncat(outname, token, EXR_PASS_MAXNAME); + ARRAY_SET_ITEMS(token, chan_id[channel], '\0'); + strings[strings_len++] = token; } + BLI_string_join_array_by_sep_char(outname, EXR_PASS_MAXNAME, '.', strings, strings_len); return outname; } static void set_pass_full_name( char *fullname, const char *name, int channel, const char *view, const char *chan_id) { - BLI_strncpy(fullname, name, EXR_PASS_MAXNAME); + const char *strings[3]; + int strings_len = 0; + strings[strings_len++] = name; if (view && view[0]) { - strncat(fullname, ".", EXR_PASS_MAXNAME); - strncat(fullname, view, EXR_PASS_MAXNAME); + strings[strings_len++] = view; } + char token[2]; if (channel >= 0) { - char token[3] = {'.', chan_id[channel], '\0'}; - strncat(fullname, token, EXR_PASS_MAXNAME); + ARRAY_SET_ITEMS(token, chan_id[channel], '\0'); + strings[strings_len++] = token; } + BLI_string_join_array_by_sep_char(fullname, EXR_PASS_MAXNAME, '.', strings, strings_len); } /********************************** New **************************************/ |