Fix T47252: FileBrowser: buffer overflow with scripts defining too long 'filter_glob' string.

Fixed this with three changes:
* filter_glob is now 255 char max (63 could be a bit limited in some rare cases).
* IO templates now explicitely define max len of that property (such that scripters are aware of the limit).
* ED_fileselect_set_params() is now safe regarding too long strings from a 'filter_glob' op property.

2 files changed, 8 insertions, 2 deletions

diff --git a/source/blender/editors/space_file/filelist.c b/source/blender/editors/space_file/filelist.c
index 98eed5bdc7d..207879c2809 100644
--- a/source/blender/editors/space_file/filelist.c
+++ b/source/blender/editors/space_file/filelist.c
@@ -270,7 +270,7 @@ typedef struct FileListEntryPreview {
 typedef struct FileListFilter {
 	unsigned int filter;
 	unsigned int filter_id;
-	char filter_glob[64];
+	char filter_glob[256];
 	char filter_search[66];  /* + 2 for heading/trailing implicit '*' wildcards. */
 	short flags;
 } FileListFilter;
diff --git a/source/blender/editors/space_file/filesel.c b/source/blender/editors/space_file/filesel.c
index a83cae6eb17..981b101519c 100644
--- a/source/blender/editors/space_file/filesel.c
+++ b/source/blender/editors/space_file/filesel.c
@@ -186,7 +186,13 @@ short ED_fileselect_set_params(SpaceFile *sfile)
 		if ((prop = RNA_struct_find_property(op->ptr, "filter_collada")))
 			params->filter |= RNA_property_boolean_get(op->ptr, prop) ? FILE_TYPE_COLLADA : 0;
 		if ((prop = RNA_struct_find_property(op->ptr, "filter_glob"))) {
-			RNA_property_string_get(op->ptr, prop, params->filter_glob);
+			/* Protection against pyscripts not setting proper size limit... */
+			char *tmp = RNA_property_string_get_alloc(
+			                op->ptr, prop, params->filter_glob, sizeof(params->filter_glob), NULL);
+			if (tmp != params->filter_glob) {
+				BLI_strncpy(params->filter_glob, tmp, sizeof(params->filter_glob));
+				MEM_freeN(tmp);
+			}
 			params->filter |= (FILE_TYPE_OPERATOR | FILE_TYPE_FOLDER);
 		}
 		else {