[Bf-blender-cvs] SVN commit: /data/svn/bf-blender [12318] trunk/blender/source/blender: fix for crash's in file selector.
Campbell Barton
cbarton at metavr.com
Sun Oct 21 11:32:18 CEST 2007
Revision: 12318
http://projects.blender.org/plugins/scmsvn/viewcvs.php?view=rev&root=bf-blender&revision=12318
Author: campbellbarton
Date: 2007-10-21 11:32:18 +0200 (Sun, 21 Oct 2007)
Log Message:
-----------
fix for crash's in file selector.
- on unix BLI_diskfree was only using 100 chars for the dir name, and
not checking if the name given was longer, increased to FILE_MAXDIR
(160) and added a check, return -1 if its too long.
The file selector only allowed 80 chars to be typed into the directory
entry.
Made the file selector check that the path is less then FILE_MIXDIR, if
you try and enter a path thats longer it will tell you that the path is
too long, before it was writing into other memory and crashing.
Modified Paths:
--------------
trunk/blender/source/blender/blenlib/intern/storage.c
trunk/blender/source/blender/src/filesel.c
trunk/blender/source/blender/src/header_filesel.c
trunk/blender/source/blender/src/usiblender.c
Modified: trunk/blender/source/blender/blenlib/intern/storage.c
===================================================================
--- trunk/blender/source/blender/blenlib/intern/storage.c 2007-10-21 05:16:37 UTC (rev 12317)
+++ trunk/blender/source/blender/blenlib/intern/storage.c 2007-10-21 09:32:18 UTC (rev 12318)
@@ -180,12 +180,15 @@
return (double) (freec*bytesps*sectorspc);
#else
struct statfs disk;
- char name[100],*slash;
-
-
+ char name[FILE_MAXDIR],*slash;
+ int len = strlen(dir);
+
+ if (len >= FILE_MAXDIR) /* path too long */
+ return -1;
+
strcpy(name,dir);
- if(strlen(name)){
+ if(len){
slash = strrchr(name,'/');
if (slash) slash[1] = 0;
} else strcpy(name,"/");
Modified: trunk/blender/source/blender/src/filesel.c
===================================================================
--- trunk/blender/source/blender/src/filesel.c 2007-10-21 05:16:37 UTC (rev 12317)
+++ trunk/blender/source/blender/src/filesel.c 2007-10-21 09:32:18 UTC (rev 12318)
@@ -1039,7 +1039,7 @@
else loadbutton= 0;
uiBlockBeginAlign(block);
- uiDefBut(block, TEX, B_FS_DIRNAME,"", textrct.xmin + (strp?20:0), filebuty2, textrct.xmax-textrct.xmin-loadbutton - (strp?20:0), 21, sfile->dir, 0.0, (float)FILE_MAXFILE-1, 0, 0, "Directory, enter a directory and press enter to create it"); /* Directory input */
+ uiDefBut(block, TEX, B_FS_DIRNAME,"", textrct.xmin + (strp?20:0), filebuty2, textrct.xmax-textrct.xmin-loadbutton - (strp?20:0), 21, sfile->dir, 0.0, (float)FILE_MAXDIR-1, 0, 0, "Directory, enter a directory and press enter to create it"); /* Directory input */
if(loadbutton) {
uiSetCurFont(block, UI_HELV);
uiDefBut(block, BUT, B_FS_LOAD, sfile->title, textrct.xmax-loadbutton, filebuty2, loadbutton, 21, sfile->dir, 0.0, (float)FILE_MAXFILE-1, 0, 0, "");
@@ -1833,12 +1833,20 @@
if(act>=0 && act<sfile->totfile) {
if(S_ISDIR(sfile->filelist[act].type)) {
- strcat(sfile->dir, sfile->filelist[act].relname);
- strcat(sfile->dir,"/");
- BLI_cleanup_dir(G.sce, sfile->dir);
- freefilelist(sfile);
- sfile->ofs= 0;
- do_draw= 1;
+ /* the path is too long and we are not going up! */
+ if (strcmp(sfile->filelist[act].relname, ".") &&
+ strcmp(sfile->filelist[act].relname, "..") &&
+ strlen(sfile->dir) + strlen(sfile->filelist[act].relname) >= FILE_MAXDIR )
+ {
+ error("Path too long, cannot enter this directory");
+ } else {
+ strcat(sfile->dir, sfile->filelist[act].relname);
+ strcat(sfile->dir,"/");
+ BLI_cleanup_dir(G.sce, sfile->dir);
+ freefilelist(sfile);
+ sfile->ofs= 0;
+ do_draw= 1;
+ }
}
else {
if( strcmp(sfile->file, sfile->filelist[act].relname)) {
Modified: trunk/blender/source/blender/src/header_filesel.c
===================================================================
--- trunk/blender/source/blender/src/header_filesel.c 2007-10-21 05:16:37 UTC (rev 12317)
+++ trunk/blender/source/blender/src/header_filesel.c 2007-10-21 09:32:18 UTC (rev 12318)
@@ -188,7 +188,7 @@
BIF_DrawString(G.font, naam, 0);
}
-
+
/* always do as last */
curarea->headbutlen= xco+2*XIC;
}
Modified: trunk/blender/source/blender/src/usiblender.c
===================================================================
--- trunk/blender/source/blender/src/usiblender.c 2007-10-21 05:16:37 UTC (rev 12317)
+++ trunk/blender/source/blender/src/usiblender.c 2007-10-21 09:32:18 UTC (rev 12318)
@@ -745,11 +745,17 @@
void BIF_write_file(char *target)
{
Library *li;
- int writeflags;
- char di[FILE_MAXDIR];
+ int writeflags, len;
+ char di[FILE_MAX];
char *err;
- if (BLI_streq(target, "")) return;
+ len = strlen(target);
+
+ if (len == 0) return;
+ if (len >= FILE_MAX) {
+ error("Path too long, cannot save");
+ return;
+ }
/* send the OnSave event */
if (G.f & G_DOSCRIPTLINKS) BPY_do_pyscript(&G.scene->id, SCRIPT_ONSAVE);
@@ -761,7 +767,7 @@
}
}
- if (!BLO_has_bfile_extension(target)) {
+ if (!BLO_has_bfile_extension(target) && (len+6 < FILE_MAX)) {
sprintf(di, "%s.blend", target);
} else {
strcpy(di, target);
More information about the Bf-blender-cvs
mailing list