From 2b6f35d686a35a347aec93cae2f018b1f7312834 Mon Sep 17 00:00:00 2001
From: Campbell Barton
Date: Mon, 15 Jul 2013 05:09:06 +0000
Subject: fix for error in string copy
- BLI_strncpy_wchar_from_utf8 wasn't NULL terminating the destination string, caused uninitialized memory use in BPY_python_start().
- BLI_strncpy_wchar_as_utf8 could write one byte past the buffer bounds.
---
 source/blender/blenkernel/intern/font.c | 2 +-
 source/blender/blenlib/intern/string_utf8.c | 17 +++++++++++------
 source/blender/editors/curve/editfont.c | 2 +-
 3 files changed, 13 insertions(+), 8 deletions(-)
(limited to 'source/blender')
diff --git a/source/blender/blenkernel/intern/font.c b/source/blender/blenkernel/intern/font.c
index b3edeb67928..7c23438f93d 100644
--- a/source/blender/blenkernel/intern/font.c
+++ b/source/blender/blenkernel/intern/font.c
@@ -516,7 +516,7 @@ struct CharTrans *BKE_vfont_to_curve(Main *bmain, Scene *scene, Object *ob, int
 /* Create unicode string */
 utf8len = BLI_strlen_utf8(cu->str);
- mem = MEM_callocN(((utf8len + 1) * sizeof(wchar_t)), "convertedmem");
+ mem = MEM_mallocN(((utf8len + 1) * sizeof(wchar_t)), "convertedmem");
 BLI_strncpy_wchar_from_utf8(mem, cu->str, utf8len + 1);
diff --git a/source/blender/blenlib/intern/string_utf8.c b/source/blender/blenlib/intern/string_utf8.c
index edfcdf145eb..a0ab16e24d6 100644
--- a/source/blender/blenlib/intern/string_utf8.c
+++ b/source/blender/blenlib/intern/string_utf8.c
@@ -197,6 +197,10 @@ char *BLI_strncpy_utf8(char *__restrict dst, const char *__restrict src, size_t
 BLI_assert(maxncpy != 0);
+#ifdef DEBUG_STRSIZE
+ memset(dst, 0xff, sizeof(*dst) * maxncpy);
+#endif
+
 /* note: currently we don't attempt to deal with invalid utf8 chars */
 BLI_STR_UTF8_CPY(dst, src, maxncpy);
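Review bot: In the font.c hunk the buffer is no longer zero-filled and the length returned by `BLI_strncpy_wchar_from_utf8(mem, cu->str, utf8len + 1)` is discarded, so any element past the terminator is now uninitialized. If the rest of BKE_vfont_to_curve (outside the hunk) walks `mem` by `utf8len` instead of by the copied length, a source string for which the copy produces fewer characters than `BLI_strlen_utf8` counted would expose that memory; this should be confirmed, and the returned length used if so. The paste_file hunk in editfont.c makes the same switch ahead of `wcscat(ef->textbuf, mem)`. A short comment at both allocations, `/* not zeroed: BLI_strncpy_wchar_from_utf8 always terminates */`, would record the dependency this commit introduces.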
@@ -226,6 +230,7 @@ char *BLI_strncat_utf8(char *__restrict dst, const char *__restrict src, size_t
 size_t BLI_strncpy_wchar_as_utf8(char *__restrict dst, const wchar_t *__restrict src, const size_t maxncpy)
 {
+ const size_t maxlen = maxncpy - 1;
 size_t len = 0;
 BLI_assert(maxncpy != 0);
@@ -234,7 +239,7 @@ size_t BLI_strncpy_wchar_as_utf8(char *__restrict dst, const wchar_t *__restrict
 memset(dst, 0xff, sizeof(*dst) * maxncpy);
 #endif
- while (*src && len < maxncpy) { /* XXX can still run over the buffer because utf8 size isn't known :| */
+ while (*src && len != maxlen) { /* XXX can still run over the buffer because utf8 size isn't known :| */
 len += BLI_str_utf8_from_unicode((unsigned int)*src++, dst + len);
 }
@@ -310,6 +315,7 @@ size_t BLI_strnlen_utf8(const char *strc, const size_t maxlen)
 size_t BLI_strncpy_wchar_from_utf8(wchar_t *__restrict dst_w, const char *__restrict src_c, const size_t maxncpy)
 {
+ const size_t maxlen = maxncpy - 1;
 size_t len = 0;
 BLI_assert(maxncpy != 0);
@@ -318,11 +324,7 @@ size_t BLI_strncpy_wchar_from_utf8(wchar_t *__restrict dst_w, const char *__rest
 memset(dst_w, 0xff, sizeof(*dst_w) * maxncpy);
 #endif
- if (dst_w == NULL || src_c == NULL) {
- return 0;
- }
-
- while (*src_c && len < maxncpy) {
+ while (*src_c && len != maxlen) {
 size_t step = 0;
 unsigned int unicode = BLI_str_utf8_as_unicode_and_size(src_c, &step);
 if (unicode != BLI_UTF8_ERR) {
@@ -336,6 +338,9 @@ size_t BLI_strncpy_wchar_from_utf8(wchar_t *__restrict dst_w, const char *__rest
 dst_w++;
 len++;
 }
+
+ *dst_w = 0;
+
 return len;
 }
diff --git a/source/blender/editors/curve/editfont.c b/source/blender/editors/curve/editfont.c
index 5b2cc49d106..a04c3fc3c8f 100644
--- a/source/blender/editors/curve/editfont.c
+++ b/source/blender/editors/curve/editfont.c
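Review bot: `const size_t maxlen = maxncpy - 1;` in BLI_strncpy_wchar_as_utf8 wraps to SIZE_MAX when `maxncpy` is 0, and the only guard is `BLI_assert(maxncpy != 0)`, which presumably compiles out of release builds (its definition is not on this page). The identical initializer is added to BLI_strncpy_wchar_from_utf8 in the `-310` hunk. With the loop conditions now written against `maxlen`, a zero size would leave the copy unbounded, so the precondition deserves a line in the function comment, `/* maxncpy must be at least 1; one element is reserved for the terminator */`, or an explicit early `return 0;` if callers can pass zero. Both function bodies continue past these hunks.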
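Review bot: The new loop condition `len != maxlen` in BLI_strncpy_wchar_as_utf8 (the `-234` hunk) can be stepped over, because `len` grows by the return value of `BLI_str_utf8_from_unicode()`, which is presumably more than one byte for non-ASCII characters; the XXX comment on the same line already says the encoded size is not known in advance. Once `len` moves from below `maxlen` to above it the inequality stays true and writing continues until the source string ends, whereas the previous `len < maxncpy` stopped after at most one oversized character. The bound should stay an ordering comparison, and the encoded size should be checked before anything is written to `dst`, so that a character that does not fit ends the copy. The terminator write after the loop is outside the hunk and would also land out of bounds if `len` exceeds `maxlen`.

```c
/* … unchanged: declarations, assert and DEBUG_STRSIZE fill … */
	while (*src && len < maxlen) {
		char utf8_buf[6]; /* NOTE(review): assumed upper bound per character, confirm */
		const size_t utf8_size = BLI_str_utf8_from_unicode((unsigned int)*src, utf8_buf);

		if (utf8_size > maxlen - len) {
			break; /* next character would not fit before the terminator */
		}
		memcpy(dst + len, utf8_buf, utf8_size);
		len += utf8_size;
		src++;
	}
```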
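Review bot: Dropping the `dst_w == NULL || src_c == NULL` early return in the `-318` hunk means BLI_strncpy_wchar_from_utf8 now dereferences `src_c` in the loop condition and writes `*dst_w = 0` (added in the `-336` hunk) for callers that previously got 0 back. Both call sites touched by this patch pass the result of `MEM_mallocN` without a check, so if that allocator can return NULL the failure now faults inside the copy; callers elsewhere are not visible here. The new contract should be explicit next to the existing assert, `BLI_assert(dst_w != NULL && src_c != NULL);`, with a comment such as `/* both pointers must be non-NULL; dst_w is always terminated */`. The loop body continues past the end of this hunk.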
@@ -380,7 +380,7 @@ static int paste_file(bContext *C, ReportList *reports, const char *filename)
 if (cu->len + filelen < MAXTEXT) {
 int tmplen;
- wchar_t *mem = MEM_callocN((sizeof(wchar_t) * filelen) + (4 * sizeof(wchar_t)), "temporary");
+ wchar_t *mem = MEM_mallocN((sizeof(wchar_t) * filelen) + (4 * sizeof(wchar_t)), "temporary");
 tmplen = BLI_strncpy_wchar_from_utf8(mem, strp, filelen + 1);
 wcscat(ef->textbuf, mem);
 MEM_freeN(mem);
-- cgit v1.2.3