From 41f2ea4045b183b7e2d0c5f61d7ab7958267122e Mon Sep 17 00:00:00 2001
From: Campbell Barton
Date: Thu, 27 May 2021 17:16:08 +1000
Subject: Fix incorrect BLI_snprintf usage Event though in practice this wasn't causing problems as the fixed size buffers are generally large enough not to truncate text. Using the result from `snprint` or `BLI_snprintf` to step over a fixed size buffer allows for buffer overruns as the returned value is the size needed to copy the entire string, not the number of bytes copied. Building strings using this convention with multiple calls: ofs += BLI_snprintf(str + ofs, str_len_max - ofs); .. caused the size argument to become negative, wrapping it to a large value when cast to the unsigned argument.
---
 source/blender/editors/interface/interface_templates.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'source/blender/editors/interface/interface_templates.c')
diff --git a/source/blender/editors/interface/interface_templates.c b/source/blender/editors/interface/interface_templates.c
index e3df9704826..dad3ccbe213 100644
--- a/source/blender/editors/interface/interface_templates.c
+++ b/source/blender/editors/interface/interface_templates.c
@@ -1078,7 +1078,7 @@ static void template_ID(const bContext *C,
 char numstr[32];
 short numstr_len;
- numstr_len = BLI_snprintf(numstr, sizeof(numstr), "%d", ID_REAL_USERS(id));
+ numstr_len = BLI_snprintf_rlen(numstr, sizeof(numstr), "%d", ID_REAL_USERS(id));
 but = uiDefBut(
 block,
-- cgit v1.2.3
From 5721c89ba8a5d6b2a1cb275a49aa63ba25fc61cb Mon Sep 17 00:00:00 2001
From: Campbell Barton
Date: Thu, 27 May 2021 22:44:02 +1000
Subject: Cleanup: rename BKE_main_id_{clear_newpoins => newptr_and_tag_clear} It wasn't obvious this function cleared the tag as well.
---
 source/blender/editors/interface/interface_templates.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'source/blender/editors/interface/interface_templates.c')
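Review bot: In the `template_ID` hunk of the first commit, `numstr_len` is still declared `short` while the new call is `BLI_snprintf_rlen`, which (per its declaration in BLI_string.h, not shown here) returns the written length as a `size_t`, so the assignment narrows implicitly. The value cannot exceed `sizeof(numstr) - 1`, so nothing is lost, but that bound is the only thing making the narrowing safe and the code does not say so. I would either fold declaration and call into `const size_t numstr_len = BLI_snprintf_rlen(numstr, sizeof(numstr), "%d", ID_REAL_USERS(id));` or keep the `short` and add `/* Length actually written, always < sizeof(numstr). */` above the call. The uses of `numstr_len` lie outside the hunk, so confirm they accept the wider type before changing it.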
diff --git a/source/blender/editors/interface/interface_templates.c b/source/blender/editors/interface/interface_templates.c
index dad3ccbe213..3990ad68c4d 100644
--- a/source/blender/editors/interface/interface_templates.c
+++ b/source/blender/editors/interface/interface_templates.c
@@ -653,7 +653,7 @@ static void template_id_cb(bContext *C, void *arg_litem, void *arg_event)
 /* Only remap that specific ID usage to overriding local data-block. */
 ID *override_id = BKE_lib_override_library_create_from_id(bmain, id, false);
 if (override_id != NULL) {
- BKE_main_id_clear_newpoins(bmain);
+ BKE_main_id_newptr_and_tag_clear(bmain);
 if (GS(override_id->name) == ID_OB) {
 Scene *scene = CTX_data_scene(C);
@@ -672,7 +672,7 @@ static void template_id_cb(bContext *C, void *arg_litem, void *arg_event)
 }
 else {
 if (BKE_lib_id_make_local(bmain, id, false, 0)) {
- BKE_main_id_clear_newpoins(bmain);
+ BKE_main_id_newptr_and_tag_clear(bmain);
 /* reassign to get get proper updates/notifiers */
 idptr = RNA_property_pointer_get(&template_ui->ptr, template_ui->prop);
-- cgit v1.2.3