From 088df2bb03f3e8620cab9e466272850a03db5cc8 Mon Sep 17 00:00:00 2001 From: Campbell Barton Date: Mon, 14 Dec 2020 18:44:04 +1100 Subject: Fix missing string escape for RNA path creation --- source/blender/blenkernel/intern/ipo.c | 23 +++++++++++++++++----- source/blender/blenkernel/intern/object.c | 21 ++++++++++++++------ source/blender/blenloader/intern/versioning_270.c | 4 +++- .../blender/blenloader/intern/versioning_cycles.c | 15 +++++++++----- source/blender/draw/intern/draw_instance_data.c | 10 +++++++--- source/blender/io/collada/AnimationImporter.cpp | 5 ++++- source/blender/io/collada/ArmatureImporter.cpp | 4 +++- source/blender/io/collada/collada_utils.cpp | 4 +++- source/blender/makesrna/intern/rna_gpencil.c | 10 +++++----- source/blender/makesrna/intern/rna_scene.c | 4 +++- source/blender/makesrna/intern/rna_sequencer.c | 5 ++++- source/blender/modifiers/intern/MOD_nodes.cc | 8 ++++++-- 12 files changed, 81 insertions(+), 32 deletions(-) (limited to 'source') diff --git a/source/blender/blenkernel/intern/ipo.c b/source/blender/blenkernel/intern/ipo.c index 2344adf7af9..0e611b21304 100644 --- a/source/blender/blenkernel/intern/ipo.c +++ b/source/blender/blenkernel/intern/ipo.c @@ -467,7 +467,9 @@ static char *shapekey_adrcodes_to_paths(ID *id, int adrcode, int *UNUSED(array_i /* setting that we alter is the "value" (i.e. keyblock.curval) */ if (kb) { /* Use the keyblock name, escaped, so that path lookups for this will work */ - BLI_snprintf(buf, sizeof(buf), "key_blocks[\"%s\"].value", kb->name); + char kb_name_esc[sizeof(kb->name) * 2]; + BLI_str_escape(kb_name_esc, kb->name, sizeof(kb_name_esc)); + BLI_snprintf(buf, sizeof(buf), "key_blocks[\"%s\"].value", kb_name_esc); } else { /* Fallback - Use the adrcode as index directly, so that this can be manually fixed */ @@ -1160,7 +1162,12 @@ static char *get_rna_access(ID *id, /* note, strings are not escapted and they should be! */ if ((actname && actname[0]) && (constname && constname[0])) { /* Constraint in Pose-Channel */ - BLI_snprintf(buf, sizeof(buf), "pose.bones[\"%s\"].constraints[\"%s\"]", actname, constname); + char actname_esc[sizeof(((bActionChannel *)NULL)->name) * 2]; + char constname_esc[sizeof(((bConstraint *)NULL)->name) * 2]; + BLI_str_escape(actname_esc, actname, sizeof(actname_esc)); + BLI_str_escape(constname_esc, constname, sizeof(constname_esc)); + BLI_snprintf( + buf, sizeof(buf), "pose.bones[\"%s\"].constraints[\"%s\"]", actname_esc, constname_esc); } else if (actname && actname[0]) { if ((blocktype == ID_OB) && STREQ(actname, "Object")) { @@ -1174,16 +1181,22 @@ static char *get_rna_access(ID *id, } else { /* Pose-Channel */ - BLI_snprintf(buf, sizeof(buf), "pose.bones[\"%s\"]", actname); + char actname_esc[sizeof(((bActionChannel *)NULL)->name) * 2]; + BLI_str_escape(actname_esc, actname, sizeof(actname_esc)); + BLI_snprintf(buf, sizeof(buf), "pose.bones[\"%s\"]", actname_esc); } } else if (constname && constname[0]) { /* Constraint in Object */ - BLI_snprintf(buf, sizeof(buf), "constraints[\"%s\"]", constname); + char constname_esc[sizeof(((bConstraint *)NULL)->name) * 2]; + BLI_str_escape(constname_esc, constname, sizeof(constname_esc)); + BLI_snprintf(buf, sizeof(buf), "constraints[\"%s\"]", constname_esc); } else if (seq) { /* Sequence names in Scene */ - BLI_snprintf(buf, sizeof(buf), "sequence_editor.sequences_all[\"%s\"]", seq->name + 2); + char seq_name_esc[(sizeof(seq->name) - 2) * 2]; + BLI_str_escape(seq_name_esc, seq->name + 2, sizeof(seq_name_esc)); + BLI_snprintf(buf, sizeof(buf), "sequence_editor.sequences_all[\"%s\"]", seq_name_esc); } else { buf[0] = '\0'; /* empty string */ diff --git a/source/blender/blenkernel/intern/object.c b/source/blender/blenkernel/intern/object.c index 88a604a7b62..bdb907df1ac 100644 --- a/source/blender/blenkernel/intern/object.c +++ b/source/blender/blenkernel/intern/object.c @@ -5217,8 +5217,11 @@ bool BKE_object_modifier_use_time(Object *ob, ModifierData *md) AnimData *adt = ob->adt; FCurve *fcu; - char pattern[MAX_NAME + 16]; - BLI_snprintf(pattern, sizeof(pattern), "modifiers[\"%s\"]", md->name); + char md_name_esc[sizeof(md->name) * 2]; + BLI_str_escape(md_name_esc, md->name, sizeof(md_name_esc)); + + char pattern[sizeof(md_name_esc) + 16]; + BLI_snprintf(pattern, sizeof(pattern), "modifiers[\"%s\"]", md_name_esc); /* action - check for F-Curves with paths containing 'modifiers[' */ if (adt->action) { @@ -5260,8 +5263,11 @@ bool BKE_object_modifier_gpencil_use_time(Object *ob, GpencilModifierData *md) AnimData *adt = ob->adt; FCurve *fcu; - char pattern[MAX_NAME + 32]; - BLI_snprintf(pattern, sizeof(pattern), "grease_pencil_modifiers[\"%s\"]", md->name); + char md_name_esc[sizeof(md->name) * 2]; + BLI_str_escape(md_name_esc, md->name, sizeof(md_name_esc)); + + char pattern[sizeof(md_name_esc) + 32]; + BLI_snprintf(pattern, sizeof(pattern), "grease_pencil_modifiers[\"%s\"]", md_name_esc); /* action - check for F-Curves with paths containing 'grease_pencil_modifiers[' */ if (adt->action) { @@ -5295,8 +5301,11 @@ bool BKE_object_shaderfx_use_time(Object *ob, ShaderFxData *fx) AnimData *adt = ob->adt; FCurve *fcu; - char pattern[MAX_NAME + 32]; - BLI_snprintf(pattern, sizeof(pattern), "shader_effects[\"%s\"]", fx->name); + char fx_name_esc[sizeof(fx->name) * 2]; + BLI_str_escape(fx_name_esc, fx->name, sizeof(fx_name_esc)); + + char pattern[sizeof(fx_name_esc) + 32]; + BLI_snprintf(pattern, sizeof(pattern), "shader_effects[\"%s\"]", fx_name_esc); /* action - check for F-Curves with paths containing string[' */ if (adt->action) { diff --git a/source/blender/blenloader/intern/versioning_270.c b/source/blender/blenloader/intern/versioning_270.c index adc2b55b350..b07d1ea66b1 100644 --- a/source/blender/blenloader/intern/versioning_270.c +++ b/source/blender/blenloader/intern/versioning_270.c @@ -301,7 +301,9 @@ static void do_version_hue_sat_node(bNodeTree *ntree, bNode *node) /* Take care of possible animation. */ AnimData *adt = BKE_animdata_from_id(&ntree->id); if (adt != NULL && adt->action != NULL) { - const char *prefix = BLI_sprintfN("nodes[\"%s\"]", node->name); + char node_name_esc[sizeof(node->name) * 2]; + BLI_str_escape(node_name_esc, node->name, sizeof(node_name_esc)); + const char *prefix = BLI_sprintfN("nodes[\"%s\"]", node_name_esc); for (FCurve *fcu = adt->action->curves.first; fcu != NULL; fcu = fcu->next) { if (STRPREFIX(fcu->rna_path, prefix)) { anim_change_prop_name(fcu, prefix, "color_hue", "inputs[1].default_value"); diff --git a/source/blender/blenloader/intern/versioning_cycles.c b/source/blender/blenloader/intern/versioning_cycles.c index 19e392734f0..631abe10ddc 100644 --- a/source/blender/blenloader/intern/versioning_cycles.c +++ b/source/blender/blenloader/intern/versioning_cycles.c @@ -840,12 +840,14 @@ static void update_mapping_node_fcurve_rna_path_callback(ID *UNUSED(id), fcurve->rna_path = BLI_sprintfN("%s.%s", data->nodePath, "inputs[3].default_value"); } else if (data->minimumNode && BLI_str_endswith(old_fcurve_rna_path, "max")) { - fcurve->rna_path = BLI_sprintfN( - "nodes[\"%s\"].%s", data->minimumNode->name, "inputs[1].default_value"); + char node_name_esc[sizeof(data->minimumNode->name) * 2]; + BLI_str_escape(node_name_esc, data->minimumNode->name, sizeof(node_name_esc)); + fcurve->rna_path = BLI_sprintfN("nodes[\"%s\"].%s", node_name_esc, "inputs[1].default_value"); } else if (data->maximumNode && BLI_str_endswith(old_fcurve_rna_path, "min")) { - fcurve->rna_path = BLI_sprintfN( - "nodes[\"%s\"].%s", data->maximumNode->name, "inputs[1].default_value"); + char node_name_esc[sizeof(data->maximumNode->name) * 2]; + BLI_str_escape(node_name_esc, data->maximumNode->name, sizeof(node_name_esc)); + fcurve->rna_path = BLI_sprintfN("nodes[\"%s\"].%s", node_name_esc, "inputs[1].default_value"); } if (fcurve->rna_path != old_fcurve_rna_path) { @@ -955,7 +957,10 @@ static void update_mapping_node_inputs_and_properties(bNodeTree *ntree) MEM_freeN(node->storage); node->storage = NULL; - char *nodePath = BLI_sprintfN("nodes[\"%s\"]", node->name); + char node_name_esc[sizeof(node->name) * 2]; + BLI_str_escape(node_name_esc, node->name, sizeof(node_name_esc)); + + char *nodePath = BLI_sprintfN("nodes[\"%s\"]", node_name_esc); MappingNodeFCurveCallbackData data = {nodePath, minimumNode, maximumNode}; BKE_fcurves_id_cb(&ntree->id, update_mapping_node_fcurve_rna_path_callback, &data); MEM_freeN(nodePath); diff --git a/source/blender/draw/intern/draw_instance_data.c b/source/blender/draw/intern/draw_instance_data.c index f1598ea2fff..ba03cee8149 100644 --- a/source/blender/draw/intern/draw_instance_data.c +++ b/source/blender/draw/intern/draw_instance_data.c @@ -669,10 +669,14 @@ static void drw_uniform_attribute_lookup(GPUUniformAttr *attr, DupliObject *dupli_source, float r_data[4]) { - char idprop_name[sizeof(attr->name) + 4]; - copy_v4_fl(r_data, 0); - sprintf(idprop_name, "[\"%s\"]", attr->name); + + char idprop_name[(sizeof(attr->name) * 2) + 4]; + { + char attr_name_esc[sizeof(attr->name) * 2]; + BLI_str_escape(attr_name_esc, attr->name, sizeof(attr_name_esc)); + SNPRINTF(idprop_name, "[\"%s\"]", attr_name_esc); + } /* If requesting instance data, check the parent particle system and object. */ if (attr->use_dupli) { diff --git a/source/blender/io/collada/AnimationImporter.cpp b/source/blender/io/collada/AnimationImporter.cpp index 77ccdeae28d..9f54bf2aa28 100644 --- a/source/blender/io/collada/AnimationImporter.cpp +++ b/source/blender/io/collada/AnimationImporter.cpp @@ -385,7 +385,10 @@ virtual void AnimationImporter::change_eul_to_quat(Object *ob, bAction *act) char joint_path[100]; char rna_path[100]; - BLI_snprintf(joint_path, sizeof(joint_path), "pose.bones[\"%s\"]", grp->name); + char grp_name_esc[sizeof(grp->name) * 2]; + BLI_str_escape(grp_name_esc, grp->name, sizeof(grp_name_esc)); + + BLI_snprintf(joint_path, sizeof(joint_path), "pose.bones[\"%s\"]", grp_name_esc); BLI_snprintf(rna_path, sizeof(rna_path), "%s.rotation_quaternion", joint_path); FCurve *quatcu[4] = { diff --git a/source/blender/io/collada/ArmatureImporter.cpp b/source/blender/io/collada/ArmatureImporter.cpp index 9533ca322f9..56716722b46 100644 --- a/source/blender/io/collada/ArmatureImporter.cpp +++ b/source/blender/io/collada/ArmatureImporter.cpp @@ -1037,7 +1037,9 @@ void ArmatureImporter::get_rna_path_for_joint(COLLADAFW::Node *node, char *joint_path, size_t count) { - BLI_snprintf(joint_path, count, "pose.bones[\"%s\"]", bc_get_joint_name(node)); + char bone_name_esc[sizeof(((Bone *)NULL)->name) * 2]; + BLI_str_escape(bone_name_esc, bc_get_joint_name(node), sizeof(bone_name_esc)); + BLI_snprintf(joint_path, count, "pose.bones[\"%s\"]", bone_name_esc); } /* gives a world-space mat */ diff --git a/source/blender/io/collada/collada_utils.cpp b/source/blender/io/collada/collada_utils.cpp index ad1cc1035fb..3c68de70248 100644 --- a/source/blender/io/collada/collada_utils.cpp +++ b/source/blender/io/collada/collada_utils.cpp @@ -832,7 +832,9 @@ void bc_enable_fcurves(bAction *act, char *bone_name) char prefix[200]; if (bone_name) { - BLI_snprintf(prefix, sizeof(prefix), "pose.bones[\"%s\"]", bone_name); + char bone_name_esc[sizeof(((Bone *)NULL)->name) * 2]; + BLI_str_escape(bone_name_esc, bone_name, sizeof(bone_name_esc)); + BLI_snprintf(prefix, sizeof(prefix), "pose.bones[\"%s\"]", bone_name_esc); } for (fcu = (FCurve *)act->curves.first; fcu; fcu = fcu->next) { diff --git a/source/blender/makesrna/intern/rna_gpencil.c b/source/blender/makesrna/intern/rna_gpencil.c index 7be9d14b1d1..72e11838fac 100644 --- a/source/blender/makesrna/intern/rna_gpencil.c +++ b/source/blender/makesrna/intern/rna_gpencil.c @@ -403,13 +403,13 @@ static char *rna_GPencilLayerMask_path(PointerRNA *ptr) bGPDlayer *gpl = BKE_gpencil_layer_active_get(gpd); bGPDlayer_Mask *mask = (bGPDlayer_Mask *)ptr->data; - char name_layer[sizeof(gpl->info) * 2]; - char name_mask[sizeof(mask->name) * 2]; + char gpl_info_esc[sizeof(gpl->info) * 2]; + char mask_name_esc[sizeof(mask->name) * 2]; - BLI_str_escape(name_layer, gpl->info, sizeof(name_layer)); - BLI_str_escape(name_mask, mask->name, sizeof(name_mask)); + BLI_str_escape(gpl_info_esc, gpl->info, sizeof(gpl_info_esc)); + BLI_str_escape(mask_name_esc, mask->name, sizeof(mask_name_esc)); - return BLI_sprintfN("layers[\"%s\"].mask_layers[\"%s\"]", name_layer, name_mask); + return BLI_sprintfN("layers[\"%s\"].mask_layers[\"%s\"]", gpl_info_esc, mask_name_esc); } static int rna_GPencil_active_mask_index_get(PointerRNA *ptr) diff --git a/source/blender/makesrna/intern/rna_scene.c b/source/blender/makesrna/intern/rna_scene.c index 72c6fda86cd..e149bb4ecad 100644 --- a/source/blender/makesrna/intern/rna_scene.c +++ b/source/blender/makesrna/intern/rna_scene.c @@ -1812,7 +1812,9 @@ void rna_ViewLayer_pass_update(Main *bmain, Scene *activescene, PointerRNA *ptr) static char *rna_SceneRenderView_path(PointerRNA *ptr) { SceneRenderView *srv = (SceneRenderView *)ptr->data; - return BLI_sprintfN("render.views[\"%s\"]", srv->name); + char srv_name_esc[sizeof(srv->name) * 2]; + BLI_str_escape(srv_name_esc, srv->name, sizeof(srv_name_esc)); + return BLI_sprintfN("render.views[\"%s\"]", srv_name_esc); } static void rna_Scene_use_nodes_update(bContext *C, PointerRNA *ptr) diff --git a/source/blender/makesrna/intern/rna_sequencer.c b/source/blender/makesrna/intern/rna_sequencer.c index 9e7fbf2f9a9..eea6fd88ec7 100644 --- a/source/blender/makesrna/intern/rna_sequencer.c +++ b/source/blender/makesrna/intern/rna_sequencer.c @@ -1201,8 +1201,11 @@ static void rna_SequenceModifier_name_set(PointerRNA *ptr, const char *value) if (adt) { char path[1024]; + char seq_name_esc[(sizeof(seq->name) - 2) * 2]; + BLI_str_escape(seq_name_esc, seq->name + 2, sizeof(seq_name_esc)); + BLI_snprintf( - path, sizeof(path), "sequence_editor.sequences_all[\"%s\"].modifiers", seq->name + 2); + path, sizeof(path), "sequence_editor.sequences_all[\"%s\"].modifiers", seq_name_esc); BKE_animdata_fix_paths_rename(&scene->id, adt, NULL, path, oldname, smd->name, 0, 0, 1); } } diff --git a/source/blender/modifiers/intern/MOD_nodes.cc b/source/blender/modifiers/intern/MOD_nodes.cc index 513e16e1a89..6730ce1c8a8 100644 --- a/source/blender/modifiers/intern/MOD_nodes.cc +++ b/source/blender/modifiers/intern/MOD_nodes.cc @@ -976,8 +976,12 @@ static void draw_property_for_socket(uiLayout *layout, /* IDProperties can be removed with python, so there could be a situation where * there isn't a property for a socket or it doesn't have the correct type. */ if (property != nullptr && property_type->is_correct_type(*property)) { - char rna_path[128]; - BLI_snprintf(rna_path, ARRAY_SIZE(rna_path), "[\"%s\"]", socket.identifier); + + char socket_id_esc[sizeof(socket.identifier) * 2]; + BLI_str_escape(socket_id_esc, socket.identifier, sizeof(socket_id_esc)); + + char rna_path[sizeof(socket_id_esc) + 4]; + BLI_snprintf(rna_path, ARRAY_SIZE(rna_path), "[\"%s\"]", socket_id_esc); uiItemR(layout, settings_ptr, rna_path, 0, socket.name, ICON_NONE); } } -- cgit v1.2.3