From 1b47d07d7661b26b462f0e6fe87dabeb24d85168 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sybren=20A=2E=20St=C3=BCvel?= Date: Fri, 18 Feb 2022 16:32:33 +0100 Subject: Fix T95724: boundary error in `BLI_str_unescape_ex` Fix boundary error in `BLI_str_unescape_ex`. The `dst_maxncpy` parameter indicates the maximum buffer size, not the maximum number of characters. As these are strings, the loop has to stop one byte early to allow space for the trailing zero byte. Thanks @mano-wii for the patch! --- source/blender/blenlib/intern/string.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source/blender/blenlib/intern/string.c') diff --git a/source/blender/blenlib/intern/string.c b/source/blender/blenlib/intern/string.c index 2c626773871..2e23bacfb28 100644 --- a/source/blender/blenlib/intern/string.c +++ b/source/blender/blenlib/intern/string.c @@ -323,8 +323,9 @@ size_t BLI_str_unescape_ex(char *__restrict dst, { size_t len = 0; bool is_complete = true; + const size_t max_strlen = dst_maxncpy - 1; /* Account for trailing zero byte. */ for (const char *src_end = src + src_maxncpy; (src < src_end) && *src; src++) { - if (UNLIKELY(len == dst_maxncpy)) { + if (UNLIKELY(len == max_strlen)) { is_complete = false; break; } -- cgit v1.2.3