From 7ac0272b776a18cbf4de2aa447cadd50909606c2 Mon Sep 17 00:00:00 2001
From: Philipp Oeser <info@graphics-engineer.com>
Date: Fri, 1 Jun 2018 11:58:50 +0200
Subject: Fix T55140: opened image doesn't show up in movie clip editor

atoi usage in BLI_stringdec could overflow, use strtoll instead and
check
valid range with INT_MIN and INT_MAX

Reviewed By: campbellbarton

Differential Revision: https://developer.blender.org/D3452
---
 source/blender/blenlib/intern/path_util.c | 36 +++++++++++++++++--------------
 1 file changed, 20 insertions(+), 16 deletions(-)

(limited to 'source/blender/blenlib')

diff --git a/source/blender/blenlib/intern/path_util.c b/source/blender/blenlib/intern/path_util.c
index 0533126fe56..f59ef7fd39f 100644
--- a/source/blender/blenlib/intern/path_util.c
+++ b/source/blender/blenlib/intern/path_util.c
@@ -113,25 +113,29 @@ int BLI_stringdec(const char *string, char *head, char *tail, unsigned short *nu
 	}
 
 	if (found_digit) {
-		if (tail) strcpy(tail, &string[nume + 1]);
-		if (head) {
-			strcpy(head, string);
-			head[nums] = 0;
+		char *ptr;
+		long ret;
+		ret = strtoll(&(string[nums]), &ptr, 10);
+		if (ret >= INT_MIN && ret <= INT_MAX) {
+			if (tail) strcpy(tail, &string[nume + 1]);
+			if (head) {
+				strcpy(head, string);
+				head[nums] = 0;
+			}
+			if (numlen) *numlen = nume - nums + 1;
+			return ((int)ret);
 		}
-		if (numlen) *numlen = nume - nums + 1;
-		return ((int)atoi(&(string[nums])));
 	}
-	else {
-		if (tail) strcpy(tail, string + name_end);
-		if (head) {
-			/* name_end points to last character of head,
-			 * make it +1 so null-terminator is nicely placed
-			 */
-			BLI_strncpy(head, string, name_end + 1);
-		}
-		if (numlen) *numlen = 0;
-		return 0;
+
+	if (tail) strcpy(tail, string + name_end);
+	if (head) {
+		/* name_end points to last character of head,
+		 * make it +1 so null-terminator is nicely placed
+		 */
+		BLI_strncpy(head, string, name_end + 1);
 	}
+	if (numlen) *numlen = 0;
+	return 0;
 }
 
 
-- 
cgit v1.2.3