diff options
author | Peter Schlaile <peter@schlaile.de> | 2007-01-07 22:52:13 +0300 |
---|---|---|
committer | Peter Schlaile <peter@schlaile.de> | 2007-01-07 22:52:13 +0300 |
commit | f38f16b0a0c66e78f5bdffdc9eaa7725afab9c34 (patch) | |
tree | 0680f62201ce73ae76e52187ed2462d7b7e4c358 /source/blender/src/toolbox.c | |
parent | 8bd9d253e1bd9cf9a9e34c9eccaad216b0ff166f (diff) |
== Toolbox ==
Bugfix:
Added sanity-checks proposed in
http://qa.mandriva.com/show_bug.cgi?id=24583
(strcpy without range checks is evil(tm) )
Diffstat (limited to 'source/blender/src/toolbox.c')
-rw-r--r-- | source/blender/src/toolbox.c | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/source/blender/src/toolbox.c b/source/blender/src/toolbox.c index 55d76e2190c..61ec55231bc 100644 --- a/source/blender/src/toolbox.c +++ b/source/blender/src/toolbox.c @@ -622,7 +622,10 @@ int do_clever_numbuts(char *name, int tot, int winevent) void add_numbut(int nr, int type, char *str, float min, float max, void *poin, char *tip) { - if(nr>=MAXNUMBUTS) return; + int tip_max = sizeof(numbuts[nr].tip); + int name_max = sizeof(numbuts[nr].name); + + if(nr >= MAXNUMBUTS || (nr < 0)) return; numbuts[nr].type= type; @@ -631,14 +634,26 @@ void add_numbut(int nr, int type, char *str, float min, float max, void *poin, c if (type==LABEL) { /* evil use it tooltip for the label string to get around the 16 char limit of "name" */ - strcpy(numbuts[nr].tip, str); + if (str) { + strncpy(numbuts[nr].tip, str, tip_max); + numbuts[nr].tip[tip_max-1] = 0; + } else { + strcpy(numbuts[nr].tip, ""); + } } else { /* for all other types */ - strcpy(numbuts[nr].name, str); - if(tip) - strcpy(numbuts[nr].tip, tip); - else + if (str) { + strncpy(numbuts[nr].name, str, name_max); + numbuts[nr].name[name_max-1] = 0; + } else { + strcpy(numbuts[nr].name, ""); + } + if (tip) { + strncpy(numbuts[nr].tip, tip, tip_max); + numbuts[nr].tip[tip_max-1] = 0; + } else { strcpy(numbuts[nr].tip, ""); + } } /*WATCH: TEX BUTTON EXCEPTION */ |