author | Sybren A. Stüvel <sybren@blender.org> | 2021-03-12 17:58:58 +0300
---|---|---
committer | Sybren A. Stüvel <sybren@blender.org> | 2021-03-12 17:58:58 +0300
commit | bcac17196a90967b78013aefd89bf547cf8e694c |
tree | 989f271aefd12e428e948b9e7996231dc943d599 /intern |
parent | f0c3ec3dc8bc0e361b47952bad105499a2d23fae |
Fix heap buffer overflow appending/linking from a blend file

Add new function `blo_bhead_is_id_valid_type()` to correctly check the
blend file block type.

File block type codes have four bytes, and two of those are only in use
when these blocks contain ID datablocks (like `"OB\0\0"`). However,
there are other types defined in `BLO_blend_defs.h` that have four
bytes, like `TEST`, `ENDB`, etc.

The function `BKE_idtype_idcode_is_valid(short idcode)` was used to
check for ID datablocks while reading a blend file. This only takes a
2-byte parameter, and thus its result is invalid for the 4-byte codes.
For `TEST` blocks, it would actually consider it a `TE` block, which is
a valid identifier for a Texture. This caused the heap buffer overflow,
as the datablock is not a valid ID, and thus the bytes that were
expected to form an ID name actually encode something completely
different.

Reviewed By: mont29

Differential Revision: https://developer.blender.org/D10703
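The truncation described in the commit message, shown as an added example (not code from this commit or from Blender): a 4-byte block code passed to a check that only accepts two bytes, beside a variant that rejects codes using the upper two bytes first. The names `CODE4`, `CODE2`, `known_id_codes`, `idcode_is_valid`, `block_is_id_truncating` and `block_is_id_checked` are hypothetical, the ID code table is a constructed sample, and little-endian byte order is assumed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Four file bytes as a little-endian reader sees them (assumed byte order). */
#define CODE4(a, b, c, d) \
  ((uint32_t)(a) | (uint32_t)(b) << 8 | (uint32_t)(c) << 16 | (uint32_t)(d) << 24)
#define CODE2(a, b) CODE4(a, b, 0, 0) /* ID block: upper two bytes are zero */

/* Constructed sample of 2-byte ID codes, not the project's full list. */
static const uint32_t known_id_codes[] = {CODE2('O', 'B'), CODE2('T', 'E'), CODE2('M', 'E')};

/* Hypothetical stand-in for a validity check that only accepts a 2-byte code. */
static bool idcode_is_valid(uint16_t idcode)
{
  for (size_t i = 0; i < sizeof(known_id_codes) / sizeof(known_id_codes[0]); i++) {
    if (known_id_codes[i] == idcode) {
      return true;
    }
  }
  return false;
}

/* Flawed pattern: the narrowing cast drops the upper two bytes of the code. */
bool block_is_id_truncating(uint32_t code)
{
  return idcode_is_valid((uint16_t)code);
}

/* Checked pattern: reject any code that uses the upper two bytes before narrowing. */
bool block_is_id_checked(uint32_t code)
{
  if (code > 0xFFFFu) {
    return false;
  }
  return idcode_is_valid((uint16_t)code);
}

int main(void)
{
  const uint32_t test = CODE4('T', 'E', 'S', 'T');
  const uint32_t ob = CODE2('O', 'B');
  printf("TEST: truncating=%d checked=%d\n", block_is_id_truncating(test), block_is_id_checked(test));
  printf("OB:   truncating=%d checked=%d\n", block_is_id_truncating(ob), block_is_id_checked(ob));
  return 0;
}
```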