Fix potential buffer overflow with BLI_path_slash_ensure use

BLI_path_slash_ensure was appending to fixed sized buffers without a size check.
author: Campbell Barton <campbell@blender.org> 2022-10-30 07:34:02 +0300
committer: Campbell Barton <campbell@blender.org> 2022-10-30 07:34:02 +0300
commit: d66f24cfe30d26e03863a78de9fd58bb3b65ed43 (patch)
tree: c626e7dd55f5c2ea3e72edb28224e5654f54bf55 /source/blender/editors
parent: 5d77c3a6a5a27094342d942c5eb4db3c8ded1cd1 (diff)
4 files changed, 21 insertions, 21 deletions
diff --git a/source/blender/editors/space_buttons/buttons_ops.c b/source/blender/editors/space_buttons/buttons_ops.c
index a9ce9a3d723..4013288b13b 100644
--- a/source/blender/editors/space_buttons/buttons_ops.c
+++ b/source/blender/editors/space_buttons/buttons_ops.c
@@ -205,7 +205,7 @@ static int file_browse_exec(bContext *C, wmOperator *op)
 
     if (BLI_is_dir(path)) {
       /* Do this first so '//' isn't converted to '//\' on windows. */
-      BLI_path_slash_ensure(path);
+      BLI_path_slash_ensure(path, sizeof(path));
       if (is_relative) {
         BLI_path_rel(path, BKE_main_blendfile_path(bmain));
         str_len = strlen(path);
diff --git a/source/blender/editors/space_file/file_ops.c b/source/blender/editors/space_file/file_ops.c
index 20025b0bac9..c9c4704d16c 100644
--- a/source/blender/editors/space_file/file_ops.c
+++ b/source/blender/editors/space_file/file_ops.c
@@ -197,13 +197,13 @@ static FileSelect file_select_do(bContext *C, int selected_idx, bool do_diropen)
         }
         else if (file->redirection_path) {
           BLI_strncpy(params->dir, file->redirection_path, sizeof(params->dir));
-          BLI_path_normalize_dir(BKE_main_blendfile_path(bmain), params->dir);
-          BLI_path_slash_ensure(params->dir);
+          BLI_path_normalize_dir(BKE_main_blendfile_path(bmain), params->dir, sizeof(params->dir));
+          BLI_path_slash_ensure(params->dir, sizeof(params->dir));
         }
         else {
-          BLI_path_normalize_dir(BKE_main_blendfile_path(bmain), params->dir);
+          BLI_path_normalize_dir(BKE_main_blendfile_path(bmain), params->dir, sizeof(params->dir));
           strcat(params->dir, file->relpath);
-          BLI_path_slash_ensure(params->dir);
+          BLI_path_slash_ensure(params->dir, sizeof(params->dir));
         }
 
         ED_file_change_dir(C);
@@ -1095,7 +1095,7 @@ static int bookmark_select_exec(bContext *C, wmOperator *op)
 
   RNA_property_string_get(op->ptr, prop, entry);
   BLI_strncpy(params->dir, entry, sizeof(params->dir));
-  BLI_path_normalize_dir(BKE_main_blendfile_path(bmain), params->dir);
+  BLI_path_normalize_dir(BKE_main_blendfile_path(bmain), params->dir, sizeof(params->dir));
   ED_file_change_dir(C);
 
   WM_event_add_notifier(C, NC_SPACE | ND_SPACE_FILE_LIST, NULL);
@@ -1568,8 +1568,8 @@ void file_sfile_to_operator_ex(
     BLI_path_join(filepath, FILE_MAX, params->dir, params->file);
   }
   else {
-    BLI_strncpy(filepath, params->dir, FILE_MAX - 1);
-    BLI_path_slash_ensure(filepath);
+    BLI_strncpy(filepath, params->dir, FILE_MAX);
+    BLI_path_slash_ensure(filepath, FILE_MAX);
   }
 
   if ((prop = RNA_struct_find_property(op->ptr, "relative_path"))) {
@@ -1797,8 +1797,8 @@ static bool file_execute(bContext *C, SpaceFile *sfile)
     }
     else {
       BLI_path_normalize(BKE_main_blendfile_path(bmain), params->dir);
-      BLI_path_append(params->dir, sizeof(params->dir) - 1, file->relpath);
-      BLI_path_slash_ensure(params->dir);
+      BLI_path_append(params->dir, sizeof(params->dir), file->relpath);
+      BLI_path_slash_ensure(params->dir, sizeof(params->dir));
     }
     ED_file_change_dir(C);
   }
@@ -1961,7 +1961,7 @@ static int file_parent_exec(bContext *C, wmOperator *UNUSED(unused))
 
   if (params) {
     if (BLI_path_parent_dir(params->dir)) {
-      BLI_path_normalize_dir(BKE_main_blendfile_path(bmain), params->dir);
+      BLI_path_normalize_dir(BKE_main_blendfile_path(bmain), params->dir, sizeof(params->dir));
       ED_file_change_dir(C);
       if (params->recursion_level > 1) {
         /* Disable 'dirtree' recursion when going up in tree. */
@@ -2544,7 +2544,7 @@ void file_directory_enter_handle(bContext *C, void *UNUSED(arg_unused), void *UN
       }
     }
 
-    BLI_path_normalize_dir(BKE_main_blendfile_path(bmain), params->dir);
+    BLI_path_normalize_dir(BKE_main_blendfile_path(bmain), params->dir, sizeof(params->dir));
 
     if (filelist_is_dir(sfile->files, params->dir)) {
       if (!STREQ(params->dir, old_dir)) { /* Avoids flickering when nothing's changed. */
@@ -2631,7 +2631,7 @@ void file_filename_enter_handle(bContext *C, void *UNUSED(arg_unused), void *arg
 
       /* if directory, open it and empty filename field */
       if (filelist_is_dir(sfile->files, filepath)) {
-        BLI_path_normalize_dir(BKE_main_blendfile_path(bmain), filepath);
+        BLI_path_normalize_dir(BKE_main_blendfile_path(bmain), filepath, sizeof(filepath));
         BLI_strncpy(params->dir, filepath, sizeof(params->dir));
         params->file[0] = '\0';
         ED_file_change_dir(C);
diff --git a/source/blender/editors/space_file/filelist.cc b/source/blender/editors/space_file/filelist.cc
index f177eebf6f2..3257534f94d 100644
--- a/source/blender/editors/space_file/filelist.cc
+++ b/source/blender/editors/space_file/filelist.cc
@@ -1208,7 +1208,7 @@ static int filelist_geticon_ex(const FileDirEntry *file,
       }
       else if (root) {
         BLI_path_join(fullpath, sizeof(fullpath), root, file->relpath);
-        BLI_path_slash_ensure(fullpath);
+        BLI_path_slash_ensure(fullpath, sizeof(fullpath));
       }
       for (; tfsm; tfsm = tfsm->next) {
         if (STREQ(tfsm->path, target)) {
@@ -1952,7 +1952,7 @@ void filelist_setdir(struct FileList *filelist, char *r_dir)
   const bool allow_invalid = filelist->asset_library_ref != nullptr;
   BLI_assert(strlen(r_dir) < FILE_MAX_LIBEXTRA);
 
-  BLI_path_normalize_dir(BKE_main_blendfile_path_from_global(), r_dir);
+  BLI_path_normalize_dir(BKE_main_blendfile_path_from_global(), r_dir, FILE_MAX_LIBEXTRA);
   const bool is_valid_path = filelist->check_dir_fn(filelist, r_dir, !allow_invalid);
   BLI_assert(is_valid_path || allow_invalid);
   UNUSED_VARS_NDEBUG(is_valid_path);
@@ -2920,7 +2920,7 @@ static int filelist_readjob_list_dir(const char *root,
         if (BLI_file_alias_target(full_path, entry->redirection_path)) {
           if (BLI_is_dir(entry->redirection_path)) {
             entry->typeflag = FILE_TYPE_DIR;
-            BLI_path_slash_ensure(entry->redirection_path);
+            BLI_path_slash_ensure(entry->redirection_path, FILE_MAXDIR);
           }
           else {
             entry->typeflag = (eFileSel_File_Types)ED_path_extension_type(entry->redirection_path);
@@ -3476,7 +3476,7 @@ static void filelist_readjob_recursive_dir_add_items(const bool do_lib,
   BLI_strncpy(dir, filelist->filelist.root, sizeof(dir));
   BLI_strncpy(filter_glob, filelist->filter_data.filter_glob, sizeof(filter_glob));
 
-  BLI_path_normalize_dir(job_params->main_name, dir);
+  BLI_path_normalize_dir(job_params->main_name, dir, sizeof(dir));
   td_dir->dir = BLI_strdup(dir);
 
   /* Init the file indexer. */
@@ -3507,7 +3507,7 @@ static void filelist_readjob_recursive_dir_add_items(const bool do_lib,
      * Note that in the end, this means we 'cache' valid relative subdir once here,
      * this is actually better. */
     BLI_strncpy(rel_subdir, subdir, sizeof(rel_subdir));
-    BLI_path_normalize_dir(root, rel_subdir);
+    BLI_path_normalize_dir(root, rel_subdir, sizeof(rel_subdir));
     BLI_path_rel(rel_subdir, root);
 
     bool is_lib = false;
@@ -3555,7 +3555,7 @@ static void filelist_readjob_recursive_dir_add_items(const bool do_lib,
               max_recursion, is_lib, recursion_level, entry)) {
         /* We have a directory we want to list, add it to todo list! */
         BLI_path_join(dir, sizeof(dir), root, entry->relpath);
-        BLI_path_normalize_dir(job_params->main_name, dir);
+        BLI_path_normalize_dir(job_params->main_name, dir, sizeof(dir));
         td_dir = static_cast<TodoDir *>(BLI_stack_push_r(todo_dirs));
         td_dir->level = recursion_level + 1;
         td_dir->dir = BLI_strdup(dir);
diff --git a/source/blender/editors/space_file/filesel.c b/source/blender/editors/space_file/filesel.c
index df7e9702e85..af2c9d4e757 100644
--- a/source/blender/editors/space_file/filesel.c
+++ b/source/blender/editors/space_file/filesel.c
@@ -197,7 +197,7 @@ static FileSelectParams *fileselect_ensure_updated_file_params(SpaceFile *sfile)
     }
 
     if (params->dir[0]) {
-      BLI_path_normalize_dir(blendfile_path, params->dir);
+      BLI_path_normalize_dir(blendfile_path, params->dir, sizeof(params->dir));
       BLI_path_abs(params->dir, blendfile_path);
     }
 
@@ -1187,7 +1187,7 @@ int autocomplete_directory(struct bContext *C, char *str, void *UNUSED(arg_v))
 
       match = UI_autocomplete_end(autocpl, str);
       if (match == AUTOCOMPLETE_FULL_MATCH) {
-        BLI_path_slash_ensure(str);
+        BLI_path_slash_ensure(str, FILE_MAX);
       }
     }
   }
author	Campbell Barton <campbell@blender.org>	2022-10-30 07:34:02 +0300
committer	Campbell Barton <campbell@blender.org>	2022-10-30 07:34:02 +0300
commit	d66f24cfe30d26e03863a78de9fd58bb3b65ed43 (patch)
tree	c626e7dd55f5c2ea3e72edb28224e5654f54bf55 /source/blender/editors
parent	5d77c3a6a5a27094342d942c5eb4db3c8ded1cd1 (diff)