[Bf-blender-cvs] SVN commit: /data/svn/bf-blender [12318] trunk/blender/source/blender: fix for crash's in file selector.

Sun Oct 21 11:32:18 CEST 2007

Revision: 12318
          http://projects.blender.org/plugins/scmsvn/viewcvs.php?view=rev&root=bf-blender&revision=12318
Author:   campbellbarton
Date:     2007-10-21 11:32:18 +0200 (Sun, 21 Oct 2007)

Log Message:
-----------
fix for crash's in file selector.
- on unix BLI_diskfree was only using 100 chars for the dir name, and 
not checking if the name given was longer, increased to FILE_MAXDIR 
(160) and added a check, return -1 if its too long.

The file selector only allowed 80 chars to be typed into the directory 
entry.

Made the file selector check that the path is less then FILE_MIXDIR, if 
you try and enter a path thats longer it will tell you that the path is 
too long, before it was writing into other memory and crashing.

Modified Paths:
--------------
    trunk/blender/source/blender/blenlib/intern/storage.c
    trunk/blender/source/blender/src/filesel.c
    trunk/blender/source/blender/src/header_filesel.c
    trunk/blender/source/blender/src/usiblender.c

Modified: trunk/blender/source/blender/blenlib/intern/storage.c
===================================================================

--- trunk/blender/source/blender/blenlib/intern/storage.c	2007-10-21 05:16:37 UTC (rev 12317)
+++ trunk/blender/source/blender/blenlib/intern/storage.c	2007-10-21 09:32:18 UTC (rev 12318)
@@ -180,12 +180,15 @@
 	return (double) (freec*bytesps*sectorspc);
 #else
 	struct statfs disk;
-	char name[100],*slash;
-
-
+	char name[FILE_MAXDIR],*slash;
+	int len = strlen(dir);
+	
+	if (len >= FILE_MAXDIR) /* path too long */
+		return -1;
+	
 	strcpy(name,dir);
 
-	if(strlen(name)){
+	if(len){
 		slash = strrchr(name,'/');
 		if (slash) slash[1] = 0;
 	} else strcpy(name,"/");

Modified: trunk/blender/source/blender/src/filesel.c
===================================================================
--- trunk/blender/source/blender/src/filesel.c	2007-10-21 05:16:37 UTC (rev 12317)
+++ trunk/blender/source/blender/src/filesel.c	2007-10-21 09:32:18 UTC (rev 12318)
@@ -1039,7 +1039,7 @@
 	else loadbutton= 0;
 
 	uiBlockBeginAlign(block);
-	uiDefBut(block, TEX, B_FS_DIRNAME,"",	textrct.xmin + (strp?20:0), filebuty2, textrct.xmax-textrct.xmin-loadbutton - (strp?20:0), 21, sfile->dir, 0.0, (float)FILE_MAXFILE-1, 0, 0, "Directory, enter a directory and press enter to create it"); /* Directory input */
+	uiDefBut(block, TEX, B_FS_DIRNAME,"",	textrct.xmin + (strp?20:0), filebuty2, textrct.xmax-textrct.xmin-loadbutton - (strp?20:0), 21, sfile->dir, 0.0, (float)FILE_MAXDIR-1, 0, 0, "Directory, enter a directory and press enter to create it"); /* Directory input */
 	if(loadbutton) {
 		uiSetCurFont(block, UI_HELV);
 		uiDefBut(block, BUT, B_FS_LOAD, sfile->title,	textrct.xmax-loadbutton, filebuty2, loadbutton, 21, sfile->dir, 0.0, (float)FILE_MAXFILE-1, 0, 0, "");
@@ -1833,12 +1833,20 @@
 				
 				if(act>=0 && act<sfile->totfile) {
 					if(S_ISDIR(sfile->filelist[act].type)) {
-						strcat(sfile->dir, sfile->filelist[act].relname);
-						strcat(sfile->dir,"/");
-						BLI_cleanup_dir(G.sce, sfile->dir);
-						freefilelist(sfile);						
-						sfile->ofs= 0;
-						do_draw= 1;
+						/* the path is too long and we are not going up! */
+						if (strcmp(sfile->filelist[act].relname, ".") &&
+							strcmp(sfile->filelist[act].relname, "..") &&
+							strlen(sfile->dir) + strlen(sfile->filelist[act].relname) >= FILE_MAXDIR ) 
+						{
+							error("Path too long, cannot enter this directory");
+						} else {
+							strcat(sfile->dir, sfile->filelist[act].relname);
+							strcat(sfile->dir,"/");
+							BLI_cleanup_dir(G.sce, sfile->dir);
+							freefilelist(sfile);						
+							sfile->ofs= 0;
+							do_draw= 1;
+						}
 					}
 					else {
 						if( strcmp(sfile->file, sfile->filelist[act].relname)) {

Modified: trunk/blender/source/blender/src/header_filesel.c
===================================================================
--- trunk/blender/source/blender/src/header_filesel.c	2007-10-21 05:16:37 UTC (rev 12317)
+++ trunk/blender/source/blender/src/header_filesel.c	2007-10-21 09:32:18 UTC (rev 12318)
@@ -188,7 +188,7 @@
 	
 		BIF_DrawString(G.font, naam, 0);
 	}
-	
+
 	/* always do as last */
 	curarea->headbutlen= xco+2*XIC;
 }

Modified: trunk/blender/source/blender/src/usiblender.c
===================================================================
--- trunk/blender/source/blender/src/usiblender.c	2007-10-21 05:16:37 UTC (rev 12317)
+++ trunk/blender/source/blender/src/usiblender.c	2007-10-21 09:32:18 UTC (rev 12318)
@@ -745,11 +745,17 @@
 void BIF_write_file(char *target)
 {
 	Library *li;
-	int writeflags;
-	char di[FILE_MAXDIR];
+	int writeflags, len;
+	char di[FILE_MAX];
 	char *err;
 	
-	if (BLI_streq(target, "")) return;
+	len = strlen(target);
+	
+	if (len == 0) return;
+	if (len >= FILE_MAX) {
+		error("Path too long, cannot save");
+		return;
+	}
  
 	/* send the OnSave event */
 	if (G.f & G_DOSCRIPTLINKS) BPY_do_pyscript(&G.scene->id, SCRIPT_ONSAVE);
@@ -761,7 +767,7 @@
 		}
 	}
 	
-	if (!BLO_has_bfile_extension(target)) {
+	if (!BLO_has_bfile_extension(target) && (len+6 < FILE_MAX)) {
 		sprintf(di, "%s.blend", target);
 	} else {
 		strcpy(di, target);



