[Bf-blender-cvs] SVN commit: /data/svn/bf-blender [14451] trunk/blender/source/blender/imbuf /intern/radiance_hdr.c: My last commit for the sscanf buffer overflow did not really fix the
Kent Mein
mein at cs.umn.edu
Thu Apr 17 17:42:00 CEST 2008
Revision: 14451
http://projects.blender.org/plugins/scmsvn/viewcvs.php?view=rev&root=bf-blender&revision=14451
Author: sirdude
Date: 2008-04-17 17:41:06 +0200 (Thu, 17 Apr 2008)
Log Message:
-----------
My last commit for the sscanf buffer overflow did not really fix the
problem. Now the fixed length strings are limited in the sscanf so
it should be much better now.
Kent
Modified Paths:
--------------
trunk/blender/source/blender/imbuf/intern/radiance_hdr.c
Modified: trunk/blender/source/blender/imbuf/intern/radiance_hdr.c
===================================================================
--- trunk/blender/source/blender/imbuf/intern/radiance_hdr.c 2008-04-17 14:10:40 UTC (rev 14450)
+++ trunk/blender/source/blender/imbuf/intern/radiance_hdr.c 2008-04-17 15:41:06 UTC (rev 14451)
@@ -182,7 +182,6 @@
unsigned char* ptr;
unsigned char* rect;
char oriY[80], oriX[80];
- char buff[STR_MAX];
if (imb_is_a_hdr((void*)mem))
{
@@ -194,8 +193,7 @@
}
}
if (found) {
- BLI_strncpy(buff, (char *)&mem[x+1], sizeof(buff));
- if (sscanf(buff, "%s %d %s %d", (char*)&oriY, &height,
+ if (sscanf((char *)&mem[x+1], "%80s %d %80s %d", (char*)&oriY, &height,
(char*)&oriX, &width) != 4) return NULL;
/* find end of this line, data right behind it */
More information about the Bf-blender-cvs
mailing list