diff options
author | Bastien Montagne <montagne29@wanadoo.fr> | 2016-06-27 13:38:12 +0300 |
---|---|---|
committer | Bastien Montagne <montagne29@wanadoo.fr> | 2016-06-27 13:38:12 +0300 |
commit | ab921321e1ca6303ee0fa2f2de511b490d9d6427 (patch) | |
tree | 0311f2eab7eec7aab0bebeec2f4394cb2f5fbc61 /source/blender | |
parent | 5f77266baf20c68befcd2dcffeed67b665f8ccc5 (diff) |
Fix (unreported) potential buffer overflow with BLO_library_path_explode() usage.
Also added warning to func doc, let's try to avoid this in future (for until we
pass string length systematically...).
Diffstat (limited to 'source/blender')
-rw-r--r-- | source/blender/blenloader/intern/readfile.c | 1 | ||||
-rw-r--r-- | source/blender/editors/space_file/filelist.c | 9 | ||||
-rw-r--r-- | source/blender/imbuf/intern/thumbs.c | 4 |
3 files changed, 9 insertions, 5 deletions
diff --git a/source/blender/blenloader/intern/readfile.c b/source/blender/blenloader/intern/readfile.c index 8e69408bfd8..323f0a93e05 100644 --- a/source/blender/blenloader/intern/readfile.c +++ b/source/blender/blenloader/intern/readfile.c @@ -1326,6 +1326,7 @@ bool BLO_has_bfile_extension(const char *str) * * \param path the full path to explode. * \param r_dir the string that'll contain path up to blend file itself ('library' path). + * WARNING! Must be FILE_MAX_LIBEXTRA long (it also stores group and name strings)! * \param r_group the string that'll contain 'group' part of the path, if any. May be NULL. * \param r_name the string that'll contain data's name part of the path, if any. May be NULL. * \return true if path contains a blend file. diff --git a/source/blender/editors/space_file/filelist.c b/source/blender/editors/space_file/filelist.c index fc3341bfb92..5e9eb1f9207 100644 --- a/source/blender/editors/space_file/filelist.c +++ b/source/blender/editors/space_file/filelist.c @@ -624,7 +624,7 @@ static bool is_filtered_file(FileListInternEntry *file, const char *UNUSED(root) static bool is_filtered_lib(FileListInternEntry *file, const char *root, FileListFilter *filter) { bool is_filtered; - char path[FILE_MAX_LIBEXTRA], dir[FILE_MAXDIR], *group, *name; + char path[FILE_MAX_LIBEXTRA], dir[FILE_MAX_LIBEXTRA], *group, *name; BLI_join_dirfile(path, sizeof(path), root, file->relpath); @@ -697,7 +697,7 @@ void filelist_filter(FileList *filelist) if (filelist->max_recursion) { /* Never show lib ID 'categories' directories when we are in 'flat' mode, unless * root path is a blend file. */ - char dir[FILE_MAXDIR]; + char dir[FILE_MAX_LIBEXTRA]; if (!filelist_islibrary(filelist, dir, NULL)) { filelist->filter_data.flags |= FLF_HIDE_LIB_DIR; } @@ -947,7 +947,7 @@ static void filelist_checkdir_dir(struct FileList *UNUSED(filelist), char *r_dir static void filelist_checkdir_lib(struct FileList *UNUSED(filelist), char *r_dir) { - char dir[FILE_MAXDIR]; + char dir[FILE_MAX_LIBEXTRA]; if (!BLO_library_path_explode(r_dir, dir, NULL, NULL)) { /* if not a valid library, we need it to be a valid directory! */ BLI_make_exist(r_dir); @@ -2113,6 +2113,7 @@ unsigned int filelist_entry_select_index_get(FileList *filelist, const int index return 0; } +/* WARNING! dir must be FILE_MAX_LIBEXTRA long! */ bool filelist_islibrary(struct FileList *filelist, char *dir, char **group) { return BLO_library_path_explode(filelist->filelist.root, dir, group, NULL); @@ -2208,7 +2209,7 @@ static int filelist_readjob_list_lib(const char *root, ListBase *entries, const FileListInternEntry *entry; LinkNode *ln, *names; int i, nnames, idcode = 0, nbr_entries = 0; - char dir[FILE_MAX], *group; + char dir[FILE_MAX_LIBEXTRA], *group; bool ok; struct BlendHandle *libfiledata = NULL; diff --git a/source/blender/imbuf/intern/thumbs.c b/source/blender/imbuf/intern/thumbs.c index 95d061bcb75..3629332a4ac 100644 --- a/source/blender/imbuf/intern/thumbs.c +++ b/source/blender/imbuf/intern/thumbs.c @@ -46,6 +46,8 @@ #include "BLO_readfile.h" +#include "DNA_space_types.h" /* For FILE_MAX_LIBEXTRA */ + #include "IMB_imbuf_types.h" #include "IMB_imbuf.h" #include "IMB_thumbs.h" @@ -533,7 +535,7 @@ ImBuf *IMB_thumb_manage(const char *org_path, ThumbSize size, ThumbSource source char thumb_path[FILE_MAX]; char thumb_name[40]; char uri[URI_MAX]; - char path_buff[FILE_MAX]; + char path_buff[FILE_MAX_LIBEXTRA]; const char *file_path; const char *path; BLI_stat_t st; |