[Bf-blender-cvs] SVN commit: /data/svn/bf-blender [15195] trunk/blender/source/blender: bugfix, off by 1 error when filling in uninitialized values for new ID values when the requested name length was greater to or equal to 21 .

Campbell Barton ideasman42 at gmail.com
Wed Jun 11 11:04:43 CEST 2008 

Revision: 15195
          http://projects.blender.org/plugins/scmsvn/viewcvs.php?view=rev&root=bf-blender&revision=15195
Author:   campbellbarton
Date:     2008-06-11 11:04:41 +0200 (Wed, 11 Jun 2008)

Log Message:
-----------
bugfix, off by 1 error when filling in uninitialized values for new ID values when the requested name length was greater to or equal to 21.
Also replaced incorrect use of strcpy with memmove since the strings overlap

Modified Paths:
--------------
    trunk/blender/source/blender/blenkernel/intern/library.c
    trunk/blender/source/blender/blenlib/intern/util.c

Modified: trunk/blender/source/blender/blenkernel/intern/library.c
===================================================================
--- trunk/blender/source/blender/blenkernel/intern/library.c	2008-06-11 05:46:10 UTC (rev 15194)
+++ trunk/blender/source/blender/blenkernel/intern/library.c	2008-06-11 09:04:41 UTC (rev 15195)
@@ -934,7 +934,7 @@
 	}
 
 	/* if result > 21, strncpy don't put the final '\0' to name. */
-	if( result > 21 ) name[21]= 0;
+	if( result >= 21 ) name[21]= 0;
 
 	result = check_for_dupid( lb, id, name );
 	strcpy( id->name+2, name );

Modified: trunk/blender/source/blender/blenlib/intern/util.c
===================================================================
--- trunk/blender/source/blender/blenlib/intern/util.c	2008-06-11 05:46:10 UTC (rev 15194)
+++ trunk/blender/source/blender/blenlib/intern/util.c	2008-06-11 09:04:41 UTC (rev 15195)
@@ -883,6 +883,15 @@
 			dir = dir+2; /* skip the first // */
 		}
 	}
+	
+	/* Note
+	 *   memmove( start, eind, strlen(eind)+1 );
+	 * is the same as
+	 *   strcpy( start, eind ); 
+	 * except strcpy should not be used because there is overlap,
+	  * so use memmove's slightly more obscure syntax - Campbell
+	 */
+	
 #ifdef WIN32
 	if(dir[0]=='.') {	/* happens for example in FILE_MAIN */
 	   get_default_root(dir);
@@ -896,17 +905,18 @@
 			if (dir[a] == '\\') break;
 			a--;
 		}
-		strcpy(dir+a,eind);
+		memmove( dir+a, eind, strlen(eind)+1 );
+		
 	}
 
 	while ( (start = strstr(dir,"\\.\\")) ){
 		eind = start + strlen("\\.\\") - 1;
-		strcpy(start,eind);
+		memmove( start, eind, strlen(eind)+1 );
 	}
 
 	while ( (start = strstr(dir,"\\\\" )) ){
 		eind = start + strlen("\\\\") - 1;
-		strcpy(start,eind);
+		memmove( start, eind, strlen(eind)+1 );
 	}
 
 	if((a = strlen(dir))){				/* remove the '\\' at the end */
@@ -929,17 +939,17 @@
 			if (dir[a] == '/') break;
 			a--;
 		}
-		strcpy(dir+a,eind);
+		memmove( dir+a, eind, strlen(eind)+1 );
 	}
 
 	while ( (start = strstr(dir,"/./")) ){
 		eind = start + strlen("/./") - 1;
-		strcpy(start,eind);
+		memmove( start, eind, strlen(eind)+1 );
 	}
 
 	while ( (start = strstr(dir,"//" )) ){
 		eind = start + strlen("//") - 1;
-		strcpy(start,eind);
+		memmove( start, eind, strlen(eind)+1 );
 	}
 
 	if( (a = strlen(dir)) ){				/* remove all '/' at the end */

More information about the Bf-blender-cvs mailing list