diff options
author | Bastien Montagne <montagne29@wanadoo.fr> | 2016-01-27 20:04:50 +0300 |
---|---|---|
committer | Bastien Montagne <montagne29@wanadoo.fr> | 2016-01-27 20:04:50 +0300 |
commit | 66aa4af83611de2c59d9e8ab4ded1b48bec4a635 (patch) | |
tree | da0fe05c1c27905fa0ea836345b9dd650af034b1 /source/blender | |
parent | 4e2eea63a4d754744d94de3937d0b29d87ae13f7 (diff) |
Fix T47252: FileBrowser: buffer overflow with scripts defining too long 'filter_glob' string.
Fixed this with three changes:
* filter_glob is now 255 char max (63 could be a bit limited in some rare cases).
* IO templates now explicitely define max len of that property (such that scripters are aware of the limit).
* ED_fileselect_set_params() is now safe regarding too long strings from a 'filter_glob' op property.
Diffstat (limited to 'source/blender')
-rw-r--r-- | source/blender/editors/space_file/filelist.c | 2 | ||||
-rw-r--r-- | source/blender/editors/space_file/filesel.c | 8 | ||||
-rw-r--r-- | source/blender/makesdna/DNA_space_types.h | 2 |
3 files changed, 9 insertions, 3 deletions
diff --git a/source/blender/editors/space_file/filelist.c b/source/blender/editors/space_file/filelist.c index 98eed5bdc7d..207879c2809 100644 --- a/source/blender/editors/space_file/filelist.c +++ b/source/blender/editors/space_file/filelist.c @@ -270,7 +270,7 @@ typedef struct FileListEntryPreview { typedef struct FileListFilter { unsigned int filter; unsigned int filter_id; - char filter_glob[64]; + char filter_glob[256]; char filter_search[66]; /* + 2 for heading/trailing implicit '*' wildcards. */ short flags; } FileListFilter; diff --git a/source/blender/editors/space_file/filesel.c b/source/blender/editors/space_file/filesel.c index a83cae6eb17..981b101519c 100644 --- a/source/blender/editors/space_file/filesel.c +++ b/source/blender/editors/space_file/filesel.c @@ -186,7 +186,13 @@ short ED_fileselect_set_params(SpaceFile *sfile) if ((prop = RNA_struct_find_property(op->ptr, "filter_collada"))) params->filter |= RNA_property_boolean_get(op->ptr, prop) ? FILE_TYPE_COLLADA : 0; if ((prop = RNA_struct_find_property(op->ptr, "filter_glob"))) { - RNA_property_string_get(op->ptr, prop, params->filter_glob); + /* Protection against pyscripts not setting proper size limit... */ + char *tmp = RNA_property_string_get_alloc( + op->ptr, prop, params->filter_glob, sizeof(params->filter_glob), NULL); + if (tmp != params->filter_glob) { + BLI_strncpy(params->filter_glob, tmp, sizeof(params->filter_glob)); + MEM_freeN(tmp); + } params->filter |= (FILE_TYPE_OPERATOR | FILE_TYPE_FOLDER); } else { diff --git a/source/blender/makesdna/DNA_space_types.h b/source/blender/makesdna/DNA_space_types.h index b0f165bae72..48ad5977b07 100644 --- a/source/blender/makesdna/DNA_space_types.h +++ b/source/blender/makesdna/DNA_space_types.h @@ -591,7 +591,7 @@ typedef struct FileSelectParams { char renamefile[256]; char renameedit[256]; /* annoying but the first is only used for initialization */ - char filter_glob[64]; /* list of filetypes to filter */ + char filter_glob[256]; /* list of filetypes to filter */ char filter_search[64]; /* text items' name must match to be shown. */ int filter_id; /* same as filter, but for ID types (aka library groups). */ |