From 317b649bb241726d8be1a700cd0028f28914595d Mon Sep 17 00:00:00 2001 From: Campbell Barton Date: Sat, 15 Oct 2011 03:56:05 +0000 Subject: fix for buffer overrun with BLI_split_dirfile(...), was simple to do since many places don't check for filename lengyj of 79 chars which is the limit for the file selector. Add max dir and file length args. --- source/blender/blenkernel/intern/pointcache.c | 2 +- source/blender/blenkernel/intern/sequencer.c | 4 ++-- source/blender/blenlib/BLI_path_util.h | 2 +- source/blender/blenlib/intern/bpath.c | 4 ++-- source/blender/blenlib/intern/path_util.c | 19 ++++++++++--------- source/blender/blenlib/intern/winstuff.c | 3 +-- source/blender/blenloader/intern/writefile.c | 4 ++-- source/blender/collada/DocumentImporter.cpp | 2 +- source/blender/collada/ImageExporter.cpp | 2 +- source/blender/editors/space_file/file_ops.c | 4 ++-- source/blender/editors/space_file/filesel.c | 6 +++--- .../editors/space_sequencer/sequencer_add.c | 2 +- .../editors/space_sequencer/space_sequencer.c | 2 +- source/blender/makesrna/intern/rna_sequencer.c | 22 ++++------------------ source/gameengine/Ketsji/KX_PythonInit.cpp | 4 ++-- 15 files changed, 34 insertions(+), 48 deletions(-) (limited to 'source') diff --git a/source/blender/blenkernel/intern/pointcache.c b/source/blender/blenkernel/intern/pointcache.c index fb69db17b97..bc5bc87b1fa 100644 --- a/source/blender/blenkernel/intern/pointcache.c +++ b/source/blender/blenkernel/intern/pointcache.c @@ -910,7 +910,7 @@ static int ptcache_path(PTCacheID *pid, char *filename) else if (G.relbase_valid || lib) { char file[MAX_PTCACHE_PATH]; /* we dont want the dir, only the file */ - BLI_split_dirfile(blendfilename, NULL, file); + BLI_split_dirfile(blendfilename, NULL, file, 0, sizeof(file)); i = strlen(file); /* remove .blend */ diff --git a/source/blender/blenkernel/intern/sequencer.c b/source/blender/blenkernel/intern/sequencer.c index 5a2c53f5b9b..00534400cf1 100644 --- a/source/blender/blenkernel/intern/sequencer.c +++ b/source/blender/blenkernel/intern/sequencer.c @@ -3647,7 +3647,7 @@ Sequence *sequencer_add_sound_strip(bContext *C, ListBase *seqbasep, SeqLoadInfo /* we only need 1 element to store the filename */ strip->stripdata= se= MEM_callocN(sizeof(StripElem), "stripelem"); - BLI_split_dirfile(seq_load->path, strip->dir, se->name); + BLI_split_dirfile(seq_load->path, strip->dir, se->name, sizeof(strip->dir), sizeof(se->name)); seq->scene_sound = sound_add_scene_sound(scene, seq, seq_load->start_frame, seq_load->start_frame + strip->len, 0); @@ -3706,7 +3706,7 @@ Sequence *sequencer_add_movie_strip(bContext *C, ListBase *seqbasep, SeqLoadInfo /* we only need 1 element for MOVIE strips */ strip->stripdata= se= MEM_callocN(sizeof(StripElem), "stripelem"); - BLI_split_dirfile(seq_load->path, strip->dir, se->name); + BLI_split_dirfile(seq_load->path, strip->dir, se->name, sizeof(strip->dir), sizeof(se->name)); calc_sequence_disp(scene, seq); diff --git a/source/blender/blenlib/BLI_path_util.h b/source/blender/blenlib/BLI_path_util.h index 81fc8a50db6..4f7f7b482b5 100644 --- a/source/blender/blenlib/BLI_path_util.h +++ b/source/blender/blenlib/BLI_path_util.h @@ -103,7 +103,7 @@ void BLI_setenv_if_new(const char *env, const char* val); void BLI_make_file_string(const char *relabase, char *string, const char *dir, const char *file); void BLI_make_exist(char *dir); void BLI_make_existing_file(const char *name); -void BLI_split_dirfile(const char *string, char *dir, char *file); +void BLI_split_dirfile(const char *string, char *dir, char *file, const size_t dirlen, const size_t filelen); void BLI_join_dirfile(char *string, const size_t maxlen, const char *dir, const char *file); char *BLI_path_basename(char *path); int BKE_rebase_path(char *abs, size_t abs_len, char *rel, size_t rel_len, const char *base_dir, const char *src_dir, const char *dest_dir); diff --git a/source/blender/blenlib/intern/bpath.c b/source/blender/blenlib/intern/bpath.c index 485b8137a02..4e4f8b3cade 100644 --- a/source/blender/blenlib/intern/bpath.c +++ b/source/blender/blenlib/intern/bpath.c @@ -400,7 +400,7 @@ static void seq_setpath(struct BPathIterator *bpi, const char *path) if (SEQ_HAS_PATH(seq)) { if (ELEM3(seq->type, SEQ_IMAGE, SEQ_MOVIE, SEQ_SOUND)) { - BLI_split_dirfile(path, seq->strip->dir, seq->strip->stripdata->name); + BLI_split_dirfile(path, seq->strip->dir, seq->strip->stripdata->name, sizeof(seq->strip->dir), sizeof(seq->strip->stripdata->name)); } else { /* simple case */ @@ -903,7 +903,7 @@ void findMissingFiles(Main *bmain, const char *str) //XXX waitcursor( 1 ); - BLI_split_dirfile(str, dirname, NULL); + BLI_split_dirfile(str, dirname, NULL, sizeof(dirname), 0); BLI_bpathIterator_init(&bpi, bmain, bmain->name, 0); diff --git a/source/blender/blenlib/intern/path_util.c b/source/blender/blenlib/intern/path_util.c index ab7d082c432..fe1d869f898 100644 --- a/source/blender/blenlib/intern/path_util.c +++ b/source/blender/blenlib/intern/path_util.c @@ -894,7 +894,7 @@ static int get_path_local(char *targetpath, const char *folder_name, const char } /* use argv[0] (bprogname) to get the path to the executable */ - BLI_split_dirfile(bprogname, bprogdir, NULL); + BLI_split_dirfile(bprogname, bprogdir, NULL, sizeof(bprogdir), 0); /* try EXECUTABLE_DIR/2.5x/folder_name - new default directory for local blender installed files */ if(test_path(targetpath, bprogdir, blender_version_decimal(ver), relfolder)) @@ -966,7 +966,7 @@ static int get_path_system(char *targetpath, const char *folder_name, const char char bprogdir[FILE_MAX]; /* use argv[0] (bprogname) to get the path to the executable */ - BLI_split_dirfile(bprogname, bprogdir, NULL); + BLI_split_dirfile(bprogname, bprogdir, NULL, sizeof(bprogdir), 0); if(folder_name) { if (subfolder_name) { @@ -1411,21 +1411,22 @@ int BLI_replace_extension(char *path, size_t maxlen, const char *ext) * - dosnt use CWD, or deal with relative paths. * - Only fill's in *dir and *file when they are non NULL * */ -void BLI_split_dirfile(const char *string, char *dir, char *file) +void BLI_split_dirfile(const char *string, char *dir, char *file, const size_t dirlen, const size_t filelen) { char *lslash_str = BLI_last_slash(string); - int lslash= lslash_str ? (int)(lslash_str - string) + 1 : 0; + size_t lslash= lslash_str ? (size_t)(lslash_str - string) + 1 : 0; if (dir) { if (lslash) { - BLI_strncpy( dir, string, lslash + 1); /* +1 to include the slash and the last char */ - } else { + BLI_strncpy( dir, string, MIN2(dirlen, lslash + 1)); /* +1 to include the slash and the last char */ + } + else { dir[0] = '\0'; } } if (file) { - strcpy( file, string+lslash); + BLI_strncpy(file, string+lslash, filelen); } } @@ -1515,7 +1516,7 @@ int BKE_rebase_path(char *abs, size_t abs_len, char *rel, size_t rel_len, const if (rel) rel[0]= 0; - BLI_split_dirfile(base_dir, blend_dir, NULL); + BLI_split_dirfile(base_dir, blend_dir, NULL, sizeof(blend_dir), 0); if (src_dir[0]=='\0') return 0; @@ -1526,7 +1527,7 @@ int BKE_rebase_path(char *abs, size_t abs_len, char *rel, size_t rel_len, const BLI_path_abs(path, base_dir); /* get the directory part */ - BLI_split_dirfile(path, dir, base); + BLI_split_dirfile(path, dir, base, sizeof(dir), sizeof(base)); len= strlen(blend_dir); diff --git a/source/blender/blenlib/intern/winstuff.c b/source/blender/blenlib/intern/winstuff.c index 3b14abb0bee..9594197ef90 100644 --- a/source/blender/blenlib/intern/winstuff.c +++ b/source/blender/blenlib/intern/winstuff.c @@ -53,11 +53,10 @@ int BLI_getInstallationDir( char * str ) { char dir[FILE_MAXDIR]; - char file[FILE_MAXFILE]; int a; GetModuleFileName(NULL,str,FILE_MAXDIR+FILE_MAXFILE); - BLI_split_dirfile(str,dir,file); /* shouldn't be relative */ + BLI_split_dirfile(str, dir, NULL, sizeof(dir), 0); /* shouldn't be relative */ a = strlen(dir); if(dir[a-1] == '\\') dir[a-1]=0; diff --git a/source/blender/blenloader/intern/writefile.c b/source/blender/blenloader/intern/writefile.c index cbc312a75e9..6e9e3da3b42 100644 --- a/source/blender/blenloader/intern/writefile.c +++ b/source/blender/blenloader/intern/writefile.c @@ -2678,8 +2678,8 @@ int BLO_write_file(Main *mainvar, const char *filepath, int write_flags, ReportL if(write_flags & G_FILE_RELATIVE_REMAP) { char dir1[FILE_MAXDIR+FILE_MAXFILE]; char dir2[FILE_MAXDIR+FILE_MAXFILE]; - BLI_split_dirfile(filepath, dir1, NULL); - BLI_split_dirfile(mainvar->name, dir2, NULL); + BLI_split_dirfile(filepath, dir1, NULL, sizeof(dir1), 0); + BLI_split_dirfile(mainvar->name, dir2, NULL, sizeof(dir2), 0); /* just incase there is some subtle difference */ BLI_cleanup_dir(mainvar->name, dir1); diff --git a/source/blender/collada/DocumentImporter.cpp b/source/blender/collada/DocumentImporter.cpp index e98f551a097..056d74aabfb 100644 --- a/source/blender/collada/DocumentImporter.cpp +++ b/source/blender/collada/DocumentImporter.cpp @@ -884,7 +884,7 @@ bool DocumentImporter::writeImage( const COLLADAFW::Image* image ) char dir[FILE_MAX]; char full_path[FILE_MAX]; - BLI_split_dirfile(filename, dir, NULL); + BLI_split_dirfile(filename, dir, NULL, sizeof(dir), 0); BLI_join_dirfile(full_path, sizeof(full_path), dir, filepath.c_str()); Image *ima = BKE_add_image_file(full_path); if (!ima) { diff --git a/source/blender/collada/ImageExporter.cpp b/source/blender/collada/ImageExporter.cpp index 747f3c783d7..53c43677c18 100644 --- a/source/blender/collada/ImageExporter.cpp +++ b/source/blender/collada/ImageExporter.cpp @@ -97,7 +97,7 @@ void ImagesExporter::operator()(Material *ma, Object *ob) char src[FILE_MAX]; char dir[FILE_MAX]; - BLI_split_dirfile(this->export_settings->filepath, dir, NULL); + BLI_split_dirfile(this->export_settings->filepath, dir, NULL, sizeof(dir), 0); BKE_rebase_path(abs, sizeof(abs), rel, sizeof(rel), G.main->name, image->name, dir); diff --git a/source/blender/editors/space_file/file_ops.c b/source/blender/editors/space_file/file_ops.c index 0955d264ca8..559873bd601 100644 --- a/source/blender/editors/space_file/file_ops.c +++ b/source/blender/editors/space_file/file_ops.c @@ -666,7 +666,7 @@ void file_operator_to_sfile(SpaceFile *sfile, wmOperator *op) if((prop= RNA_struct_find_property(op->ptr, "filepath"))) { char filepath[FILE_MAX]; RNA_property_string_get(op->ptr, prop, filepath); - BLI_split_dirfile(filepath, sfile->params->dir, sfile->params->file); + BLI_split_dirfile(filepath, sfile->params->dir, sfile->params->file, sizeof(sfile->params->dir), sizeof(sfile->params->file)); } else { if((prop= RNA_struct_find_property(op->ptr, "filename"))) { @@ -1143,7 +1143,7 @@ int file_directory_exec(bContext *C, wmOperator *UNUSED(unused)) if(BLI_exists(sfile->params->dir) && BLI_is_dir(sfile->params->dir) == 0) { char path[sizeof(sfile->params->dir)]; BLI_strncpy(path, sfile->params->dir, sizeof(path)); - BLI_split_dirfile(path, sfile->params->dir, sfile->params->file); + BLI_split_dirfile(path, sfile->params->dir, sfile->params->file, sizeof(sfile->params->dir), sizeof(sfile->params->file)); } BLI_cleanup_dir(G.main->name, sfile->params->dir); diff --git a/source/blender/editors/space_file/filesel.c b/source/blender/editors/space_file/filesel.c index 6cc42b2a751..f36145aaba0 100644 --- a/source/blender/editors/space_file/filesel.c +++ b/source/blender/editors/space_file/filesel.c @@ -113,7 +113,7 @@ short ED_fileselect_set_params(SpaceFile *sfile) if (!sfile->params) { sfile->params= MEM_callocN(sizeof(FileSelectParams), "fileselparams"); /* set path to most recently opened .blend */ - BLI_split_dirfile(G.main->name, sfile->params->dir, sfile->params->file); + BLI_split_dirfile(G.main->name, sfile->params->dir, sfile->params->file, sizeof(sfile->params->dir), sizeof(sfile->params->file)); sfile->params->filter_glob[0] = '\0'; } @@ -142,7 +142,7 @@ short ED_fileselect_set_params(SpaceFile *sfile) sfile->params->file[0]= '\0'; } else { - BLI_split_dirfile(name, sfile->params->dir, sfile->params->file); + BLI_split_dirfile(name, sfile->params->dir, sfile->params->file, sizeof(sfile->params->dir), sizeof(sfile->params->file)); } } else { @@ -613,7 +613,7 @@ void autocomplete_directory(struct bContext *C, char *str, void *UNUSED(arg_v)) DIR *dir; struct dirent *de; - BLI_split_dirfile(str, dirname, NULL); + BLI_split_dirfile(str, dirname, NULL, sizeof(dirname), 0); dir = opendir(dirname); diff --git a/source/blender/editors/space_sequencer/sequencer_add.c b/source/blender/editors/space_sequencer/sequencer_add.c index 1c4b0130897..7fa4e62359a 100644 --- a/source/blender/editors/space_sequencer/sequencer_add.c +++ b/source/blender/editors/space_sequencer/sequencer_add.c @@ -321,7 +321,7 @@ static int sequencer_add_generic_strip_exec(bContext *C, wmOperator *op, SeqLoad char dir_only[FILE_MAX]; char file_only[FILE_MAX]; - BLI_split_dirfile(seq_load.path, dir_only, NULL); + BLI_split_dirfile(seq_load.path, dir_only, NULL, sizeof(dir_only), 0); RNA_BEGIN(op->ptr, itemptr, "files") { RNA_string_get(&itemptr, "name", file_only); diff --git a/source/blender/editors/space_sequencer/space_sequencer.c b/source/blender/editors/space_sequencer/space_sequencer.c index 5c2013ee863..45908801147 100644 --- a/source/blender/editors/space_sequencer/space_sequencer.c +++ b/source/blender/editors/space_sequencer/space_sequencer.c @@ -362,7 +362,7 @@ static void sequencer_drop_copy(wmDrag *drag, wmDropBox *drop) PointerRNA itemptr; char dir[FILE_MAX], file[FILE_MAX]; - BLI_split_dirfile(drag->path, dir, file); + BLI_split_dirfile(drag->path, dir, file, sizeof(dir), sizeof(file)); RNA_string_set(drop->ptr, "directory", dir); diff --git a/source/blender/makesrna/intern/rna_sequencer.c b/source/blender/makesrna/intern/rna_sequencer.c index 92739148b99..b90f10693ac 100644 --- a/source/blender/makesrna/intern/rna_sequencer.c +++ b/source/blender/makesrna/intern/rna_sequencer.c @@ -443,7 +443,6 @@ static PointerRNA rna_SequenceEditor_meta_stack_get(CollectionPropertyIterator * static void rna_Sequence_filepath_set(PointerRNA *ptr, const char *value) { Sequence *seq= (Sequence*)(ptr->data); - char dir[FILE_MAX], name[FILE_MAX]; if(seq->type == SEQ_SOUND && seq->sound) { /* for sound strips we need to update the sound as well. @@ -457,9 +456,7 @@ static void rna_Sequence_filepath_set(PointerRNA *ptr, const char *value) sound_update_scene_sound(seq->scene_sound, seq->sound); } - BLI_split_dirfile(value, dir, name); - BLI_strncpy(seq->strip->dir, dir, sizeof(seq->strip->dir)); - BLI_strncpy(seq->strip->stripdata->name, name, sizeof(seq->strip->stripdata->name)); + BLI_split_dirfile(value, seq->strip->dir, seq->strip->stripdata->name, sizeof(seq->strip->dir), sizeof(seq->strip->stripdata->name)); } static void rna_Sequence_filepath_get(PointerRNA *ptr, char *value) @@ -481,11 +478,7 @@ static int rna_Sequence_filepath_length(PointerRNA *ptr) static void rna_Sequence_proxy_filepath_set(PointerRNA *ptr, const char *value) { StripProxy *proxy= (StripProxy*)(ptr->data); - char dir[FILE_MAX], name[FILE_MAX]; - - BLI_split_dirfile(value, dir, name); - BLI_strncpy(proxy->dir, dir, sizeof(proxy->dir)); - BLI_strncpy(proxy->file, name, sizeof(proxy->file)); + BLI_split_dirfile(value, proxy->dir, proxy->file, sizeof(proxy->dir), sizeof(proxy->file)); } static void rna_Sequence_proxy_filepath_get(PointerRNA *ptr, char *value) @@ -541,20 +534,13 @@ static int rna_Sequence_input_count_get(PointerRNA *ptr) /*static void rna_SoundSequence_filename_set(PointerRNA *ptr, const char *value) { Sequence *seq= (Sequence*)(ptr->data); - char dir[FILE_MAX], name[FILE_MAX]; - - BLI_split_dirfile(value, dir, name); - BLI_strncpy(seq->strip->dir, dir, sizeof(seq->strip->dir)); - BLI_strncpy(seq->strip->stripdata->name, name, sizeof(seq->strip->stripdata->name)); + BLI_split_dirfile(value, seq->strip->dir, seq->strip->stripdata->name, sizeof(seq->strip->dir), sizeof(seq->strip->stripdata->name)); } static void rna_SequenceElement_filename_set(PointerRNA *ptr, const char *value) { StripElem *elem= (StripElem*)(ptr->data); - char name[FILE_MAX]; - - BLI_split_dirfile(value, NULL, name); - BLI_strncpy(elem->name, name, sizeof(elem->name)); + BLI_split_dirfile(value, NULL, elem->name, 0, sizeof(elem->name)); }*/ static void rna_Sequence_update(Main *UNUSED(bmain), Scene *scene, PointerRNA *ptr) diff --git a/source/gameengine/Ketsji/KX_PythonInit.cpp b/source/gameengine/Ketsji/KX_PythonInit.cpp index 62ca2910c60..40917a67c2f 100644 --- a/source/gameengine/Ketsji/KX_PythonInit.cpp +++ b/source/gameengine/Ketsji/KX_PythonInit.cpp @@ -502,7 +502,7 @@ static PyObject* gPyGetBlendFileList(PyObject*, PyObject* args) BLI_path_abs(cpath, gp_GamePythonPath); } else { /* Get the dir only */ - BLI_split_dirfile(gp_GamePythonPath, cpath, NULL); + BLI_split_dirfile(gp_GamePythonPath, cpath, NULL, sizeof(cpath), 0); } if((dp = opendir(cpath)) == NULL) { @@ -1732,7 +1732,7 @@ static void initPySysObjects__append(PyObject *sys_path, char *filename) PyObject *item; char expanded[FILE_MAXDIR + FILE_MAXFILE]; - BLI_split_dirfile(filename, expanded, NULL); /* get the dir part of filename only */ + BLI_split_dirfile(filename, expanded, NULL, sizeof(expanded), 0); /* get the dir part of filename only */ BLI_path_abs(expanded, gp_GamePythonPath); /* filename from lib->filename is (always?) absolute, so this may not be needed but it wont hurt */ BLI_cleanup_file(gp_GamePythonPath, expanded); /* Dont use BLI_cleanup_dir because it adds a slash - BREAKS WIN32 ONLY */ item= PyUnicode_DecodeFSDefault(expanded); -- cgit v1.2.3