diff options
author | Campbell Barton <ideasman42@gmail.com> | 2014-04-30 14:43:50 +0400 |
---|---|---|
committer | Campbell Barton <ideasman42@gmail.com> | 2014-04-30 14:44:52 +0400 |
commit | d2032d0dfef0b1e3a67bc9ed80b7aa3733baf394 (patch) | |
tree | 4bb2510d43abbba3154ea111269db82b4e2b4726 /source/blender/imbuf | |
parent | fe29f92030fe803f625efaab0842a4d79a8de428 (diff) |
Fix T39931: Crash generating thumbnails (error in escaping)
Diffstat (limited to 'source/blender/imbuf')
-rw-r--r-- | source/blender/imbuf/intern/thumbs.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/source/blender/imbuf/intern/thumbs.c b/source/blender/imbuf/intern/thumbs.c index b8acca3f8b9..29c621a712d 100644 --- a/source/blender/imbuf/intern/thumbs.c +++ b/source/blender/imbuf/intern/thumbs.c @@ -163,7 +163,7 @@ static const char hex[17] = "0123456789abcdef"; /* Note: This escape function works on file: URIs, but if you want to * escape something else, please read RFC-2396 */ -static void escape_uri_string(const char *string, char *escaped_string, int len, UnsafeCharacterSet mask) +static void escape_uri_string(const char *string, char *escaped_string, int escaped_string_size, UnsafeCharacterSet mask) { #define ACCEPTABLE(a) ((a) >= 32 && (a) < 128 && (acceptable[(a) - 32] & use_mask)) @@ -173,17 +173,27 @@ static void escape_uri_string(const char *string, char *escaped_string, int len, UnsafeCharacterSet use_mask; use_mask = mask; - for (q = escaped_string, p = string; (*p != '\0') && len; p++) { + BLI_assert(escaped_string_size > 0); + + /* space for \0 */ + escaped_string_size -= 1; + + for (q = escaped_string, p = string; (*p != '\0') && escaped_string_size; p++) { c = (unsigned char) *p; - len--; if (!ACCEPTABLE(c)) { + if (escaped_string_size < 3) { + break; + } + *q++ = '%'; /* means hex coming */ *q++ = hex[c >> 4]; *q++ = hex[c & 15]; + escaped_string_size -= 3; } else { *q++ = *p; + escaped_string_size -= 1; } } |