diff options
author | Campbell Barton <ideasman42@gmail.com> | 2015-06-04 09:48:56 +0300 |
---|---|---|
committer | Campbell Barton <ideasman42@gmail.com> | 2015-06-04 09:48:56 +0300 |
commit | cf7a5e93f8d89d8b5382b07834dd0e9fc694254b (patch) | |
tree | 81cd17325f832e7d7181565b37e29049315e33d1 /source | |
parent | 3eb38a79d8843ef57e41156371058f7fb0d8dd6f (diff) |
Fix buffer overrun searching program path on win32
Diffstat (limited to 'source')
-rw-r--r-- | source/blender/blenlib/intern/path_util.c | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/source/blender/blenlib/intern/path_util.c b/source/blender/blenlib/intern/path_util.c index e85f72f6717..9cf360a77e3 100644 --- a/source/blender/blenlib/intern/path_util.c +++ b/source/blender/blenlib/intern/path_util.c @@ -57,6 +57,7 @@ # include <shlobj.h> # include "BLI_winstuff.h" # include "MEM_guardedalloc.h" +# include "BLI_alloca.h" #else # include "unistd.h" #endif /* WIN32 */ @@ -1033,27 +1034,34 @@ bool BLI_path_program_extensions_add_win32(char *name, const size_t maxlen) type = BLI_exists(name); if ((type == 0) || S_ISDIR(type)) { - char filename[FILE_MAX]; + /* typically 3-5, ".EXE", ".BAT"... etc */ + const int ext_max = 12; const char *ext = getenv("PATHEXT"); if (ext) { const int name_len = strlen(name); + char *filename = alloca(name_len + ext_max); + char *filename_ext; const char *ext_next; + /* null terminated in the loop */ memcpy(filename, name, name_len); + filename_ext = filename + name_len; + do { int ext_len; - ext_next = strchr(ext, ';'); ext_len = ext_next ? ((ext_next++) - ext) : strlen(ext); - memcpy(filename + name_len, ext, ext_len); - filename[name_len + ext_len] = '\0'; + if (LIKELY(ext_len < ext_max)) { + memcpy(filename_ext, ext, ext_len); + filename_ext[ext_len] = '\0'; - type = BLI_exists(filename); - if (type && (!S_ISDIR(type))) { - retval = true; - BLI_strncpy(name, filename, maxlen); - break; + type = BLI_exists(filename); + if (type && (!S_ISDIR(type))) { + retval = true; + BLI_strncpy(name, filename, maxlen); + break; + } } } while ((ext = ext_next)); } |