From 3409eb429ead652c0955ee06af09de31af379276 Mon Sep 17 00:00:00 2001 From: Campbell Barton Date: Tue, 11 May 2010 19:37:17 +0000 Subject: fix for crash reading pointcache, was reading over the buffer size, use lzo1x_decompress_safe rather then lzo1x_decompress --- source/blender/blenkernel/intern/pointcache.c | 30 +++++++++++++---------- source/blender/makesrna/intern/rna_object_force.c | 2 +- 2 files changed, 18 insertions(+), 14 deletions(-) diff --git a/source/blender/blenkernel/intern/pointcache.c b/source/blender/blenkernel/intern/pointcache.c index b42ac6fdf49..557c1fe0d46 100644 --- a/source/blender/blenkernel/intern/pointcache.c +++ b/source/blender/blenkernel/intern/pointcache.c @@ -812,23 +812,27 @@ static int ptcache_compress_read(PTCacheFile *pf, unsigned char *result, unsigne ptcache_file_read(pf, &compressed, 1, sizeof(unsigned char)); if(compressed) { ptcache_file_read(pf, &in_len, 1, sizeof(unsigned int)); - in = (unsigned char *)MEM_callocN(sizeof(unsigned char)*in_len, "pointcache_compressed_buffer"); - ptcache_file_read(pf, in, in_len, sizeof(unsigned char)); - + if(in_len==0) { + /* do nothing */ + } + else { + in = (unsigned char *)MEM_callocN(sizeof(unsigned char)*in_len, "pointcache_compressed_buffer"); + ptcache_file_read(pf, in, in_len, sizeof(unsigned char)); #ifdef WITH_LZO - if(compressed == 1) - r = lzo1x_decompress(in, (lzo_uint)in_len, result, (lzo_uint *)&out_len, NULL); + if(compressed == 1) + r = lzo1x_decompress_safe(in, (lzo_uint)in_len, result, (lzo_uint *)&out_len, NULL); #endif #ifdef WITH_LZMA - if(compressed == 2) - { - size_t leni = in_len, leno = out_len; - ptcache_file_read(pf, &sizeOfIt, 1, sizeof(unsigned int)); - ptcache_file_read(pf, props, sizeOfIt, sizeof(unsigned char)); - r = LzmaUncompress(result, &leno, in, &leni, props, sizeOfIt); - } + if(compressed == 2) + { + size_t leni = in_len, leno = out_len; + ptcache_file_read(pf, &sizeOfIt, 1, sizeof(unsigned int)); + ptcache_file_read(pf, props, sizeOfIt, sizeof(unsigned char)); + r = LzmaUncompress(result, &leno, in, &leni, props, sizeOfIt); + } #endif - MEM_freeN(in); + MEM_freeN(in); + } } else { ptcache_file_read(pf, result, len, sizeof(unsigned char)); diff --git a/source/blender/makesrna/intern/rna_object_force.c b/source/blender/makesrna/intern/rna_object_force.c index 5cb58d50f8f..0069f3332e8 100644 --- a/source/blender/makesrna/intern/rna_object_force.c +++ b/source/blender/makesrna/intern/rna_object_force.c @@ -749,7 +749,7 @@ static void rna_def_pointcache(BlenderRNA *brna) prop= RNA_def_property(srna, "use_library_path", PROP_BOOLEAN, PROP_NONE); RNA_def_property_boolean_negative_sdna(prop, NULL, "flag", PTCACHE_IGNORE_LIBPATH); - RNA_def_property_ui_text(prop, "Library Path", "Use this files path when library linked indo another file."); + RNA_def_property_ui_text(prop, "Library Path", "Use this files path when library linked into another file."); RNA_def_property_update(prop, NC_OBJECT, "rna_Cache_idname_change"); prop= RNA_def_property(srna, "point_cache_list", PROP_COLLECTION, PROP_NONE); -- cgit v1.2.3