[Bf-blender-cvs] SVN commit: /data/svn/bf-blender [36219] trunk/blender/source/blender: Some strings to store ID names were too small, could cause stack corruption.
Campbell Barton
ideasman42 at gmail.com
Tue Apr 19 08:59:49 CEST 2011
Revision: 36219
http://projects.blender.org/scm/viewvc.php?view=rev&root=bf-blender&revision=36219
Author: campbellbarton
Date: 2011-04-19 06:59:49 +0000 (Tue, 19 Apr 2011)
Log Message:
-----------
Some strings to store ID names were too small, could cause stack corruption.
corrected these and replaced 'sizeof(((ID *)NULL)->name)-2' with 'MAX_ID_NAME-2'.
Modified Paths:
--------------
trunk/blender/source/blender/blenkernel/intern/library.c
trunk/blender/source/blender/editors/interface/interface.c
trunk/blender/source/blender/editors/interface/interface_utils.c
trunk/blender/source/blender/editors/object/object_relations.c
trunk/blender/source/blender/editors/render/render_internal.c
trunk/blender/source/blender/editors/screen/screen_edit.c
trunk/blender/source/blender/editors/sound/sound_ops.c
trunk/blender/source/blender/editors/space_image/image_ops.c
trunk/blender/source/blender/editors/space_node/drawnode.c
trunk/blender/source/blender/editors/space_outliner/outliner.c
trunk/blender/source/blender/makesrna/intern/rna_ID.c
trunk/blender/source/blender/makesrna/intern/rna_curve.c
trunk/blender/source/blender/python/generic/bpy_internal_import.c
Modified: trunk/blender/source/blender/blenkernel/intern/library.c
===================================================================
--- trunk/blender/source/blender/blenkernel/intern/library.c 2011-04-19 06:37:29 UTC (rev 36218)
+++ trunk/blender/source/blender/blenkernel/intern/library.c 2011-04-19 06:59:49 UTC (rev 36219)
@@ -1157,7 +1157,7 @@
int new_id(ListBase *lb, ID *id, const char *tname)
{
int result;
- char name[22];
+ char name[MAX_ID_NAME-2];
/* if library, don't rename */
if(id->lib) return 0;
Modified: trunk/blender/source/blender/editors/interface/interface.c
===================================================================
--- trunk/blender/source/blender/editors/interface/interface.c 2011-04-19 06:37:29 UTC (rev 36218)
+++ trunk/blender/source/blender/editors/interface/interface.c 2011-04-19 06:59:49 UTC (rev 36219)
@@ -1390,7 +1390,7 @@
if(ELEM(but->type, TEX, SEARCH_MENU))
return but->hardmax;
else if(but->type == IDPOIN)
- return sizeof(((ID*)NULL)->name)-2;
+ return MAX_ID_NAME-2;
else
return UI_MAX_DRAW_STR;
}
Modified: trunk/blender/source/blender/editors/interface/interface_utils.c
===================================================================
--- trunk/blender/source/blender/editors/interface/interface_utils.c 2011-04-19 06:37:29 UTC (rev 36218)
+++ trunk/blender/source/blender/editors/interface/interface_utils.c 2011-04-19 06:59:49 UTC (rev 36219)
@@ -52,7 +52,7 @@
{
uiBut *but=NULL;
const char *propname= RNA_property_identifier(prop);
- char prop_item[sizeof(((IDProperty *)NULL)->name)+4]; /* size of the ID prop name + room for [""] */
+ char prop_item[MAX_IDPROP_NAME+4]; /* size of the ID prop name + room for [""] */
int arraylen= RNA_property_array_length(ptr, prop);
/* support for custom props */
Modified: trunk/blender/source/blender/editors/object/object_relations.c
===================================================================
--- trunk/blender/source/blender/editors/object/object_relations.c 2011-04-19 06:37:29 UTC (rev 36218)
+++ trunk/blender/source/blender/editors/object/object_relations.c 2011-04-19 06:59:49 UTC (rev 36219)
@@ -402,7 +402,7 @@
ot->flag= OPTYPE_REGISTER|OPTYPE_UNDO;
/* properties */
- RNA_def_string(ot->srna, "object", "", sizeof(((ID *)NULL)->name)-2, "Proxy Object", "Name of lib-linked/grouped object to make a proxy for.");
+ RNA_def_string(ot->srna, "object", "", MAX_ID_NAME-2, "Proxy Object", "Name of lib-linked/grouped object to make a proxy for.");
prop= RNA_def_enum(ot->srna, "type", DummyRNA_DEFAULT_items, 0, "Type", "Group object"); /* XXX, relies on hard coded ID at the moment */
RNA_def_enum_funcs(prop, proxy_group_object_itemf);
ot->prop= prop;
Modified: trunk/blender/source/blender/editors/render/render_internal.c
===================================================================
--- trunk/blender/source/blender/editors/render/render_internal.c 2011-04-19 06:37:29 UTC (rev 36218)
+++ trunk/blender/source/blender/editors/render/render_internal.c 2011-04-19 06:59:49 UTC (rev 36219)
@@ -736,7 +736,7 @@
if(RNA_property_is_set(op->ptr, "layer")) {
SceneRenderLayer *rl;
Scene *scn;
- char scene_name[19], rl_name[RE_MAXNAME];
+ char scene_name[MAX_ID_NAME-2], rl_name[RE_MAXNAME];
RNA_string_get(op->ptr, "layer", rl_name);
RNA_string_get(op->ptr, "scene", scene_name);
@@ -828,7 +828,7 @@
RNA_def_boolean(ot->srna, "animation", 0, "Animation", "Render files from the animation range of this scene");
RNA_def_boolean(ot->srna, "write_still", 0, "Write Image", "Save rendered the image to the output path (used only when animation is disabled)");
RNA_def_string(ot->srna, "layer", "", RE_MAXNAME, "Render Layer", "Single render layer to re-render");
- RNA_def_string(ot->srna, "scene", "", sizeof(((ID *)NULL)->name)-2, "Scene", "Re-render single layer in this scene");
+ RNA_def_string(ot->srna, "scene", "", MAX_ID_NAME-2, "Scene", "Re-render single layer in this scene");
}
/* ****************************** opengl render *************************** */
Modified: trunk/blender/source/blender/editors/screen/screen_edit.c
===================================================================
--- trunk/blender/source/blender/editors/screen/screen_edit.c 2011-04-19 06:37:29 UTC (rev 36218)
+++ trunk/blender/source/blender/editors/screen/screen_edit.c 2011-04-19 06:59:49 UTC (rev 36219)
@@ -1627,7 +1627,7 @@
}
else {
ScrArea *newa;
- char newname[20];
+ char newname[MAX_ID_NAME-2];
oldscreen= win->screen;
Modified: trunk/blender/source/blender/editors/sound/sound_ops.c
===================================================================
--- trunk/blender/source/blender/editors/sound/sound_ops.c 2011-04-19 06:37:29 UTC (rev 36218)
+++ trunk/blender/source/blender/editors/sound/sound_ops.c 2011-04-19 06:59:49 UTC (rev 36219)
@@ -219,7 +219,7 @@
/* find the suppplied image by name */
if (RNA_property_is_set(op->ptr, "id")) {
- char sndname[22];
+ char sndname[MAX_ID_NAME-2];
RNA_string_get(op->ptr, "id", sndname);
sound = BLI_findstring(&CTX_data_main(C)->sound, sndname, offsetof(ID, name) + 2);
}
@@ -276,7 +276,7 @@
/* properties */
RNA_def_enum(ot->srna, "method", unpack_method_items, PF_USE_LOCAL, "Method", "How to unpack.");
- RNA_def_string(ot->srna, "id", "", sizeof(((ID *)NULL)->name)-2, "Sound Name", "Sound datablock name to unpack."); /* XXX, weark!, will fail with library, name collisions */
+ RNA_def_string(ot->srna, "id", "", MAX_ID_NAME-2, "Sound Name", "Sound datablock name to unpack."); /* XXX, weark!, will fail with library, name collisions */
}
/* ******************************************************* */
Modified: trunk/blender/source/blender/editors/space_image/image_ops.c
===================================================================
--- trunk/blender/source/blender/editors/space_image/image_ops.c 2011-04-19 06:37:29 UTC (rev 36218)
+++ trunk/blender/source/blender/editors/space_image/image_ops.c 2011-04-19 06:59:49 UTC (rev 36219)
@@ -1279,7 +1279,7 @@
Image *ima;
PointerRNA ptr, idptr;
PropertyRNA *prop;
- char name[22];
+ char name[MAX_ID_NAME-2];
float color[4];
int width, height, floatbuf, uvtestgrid, alpha;
@@ -1352,7 +1352,7 @@
ot->flag= OPTYPE_UNDO;
/* properties */
- RNA_def_string(ot->srna, "name", "untitled", sizeof(((ID *)NULL)->name)-2, "Name", "Image datablock name.");
+ RNA_def_string(ot->srna, "name", "untitled", MAX_ID_NAME-2, "Name", "Image datablock name.");
RNA_def_int(ot->srna, "width", 1024, 1, INT_MAX, "Width", "Image width.", 1, 16384);
RNA_def_int(ot->srna, "height", 1024, 1, INT_MAX, "Height", "Image height.", 1, 16384);
prop= RNA_def_float_color(ot->srna, "color", 4, NULL, 0.0f, FLT_MAX, "Color", "Default fill color.", 0.0f, 1.0f);
@@ -1538,7 +1538,7 @@
/* find the suppplied image by name */
if (RNA_property_is_set(op->ptr, "id")) {
- char imaname[22];
+ char imaname[MAX_ID_NAME-2];
RNA_string_get(op->ptr, "id", imaname);
ima = BLI_findstring(&CTX_data_main(C)->image, imaname, offsetof(ID, name) + 2);
if (!ima) ima = CTX_data_edit_image(C);
@@ -1604,7 +1604,7 @@
/* properties */
RNA_def_enum(ot->srna, "method", unpack_method_items, PF_USE_LOCAL, "Method", "How to unpack.");
- RNA_def_string(ot->srna, "id", "", sizeof(((ID *)NULL)->name)-2, "Image Name", "Image datablock name to unpack."); /* XXX, weark!, will fail with library, name collisions */
+ RNA_def_string(ot->srna, "id", "", MAX_ID_NAME-2, "Image Name", "Image datablock name to unpack."); /* XXX, weark!, will fail with library, name collisions */
}
/******************** sample image operator ********************/
Modified: trunk/blender/source/blender/editors/space_node/drawnode.c
===================================================================
--- trunk/blender/source/blender/editors/space_node/drawnode.c 2011-04-19 06:37:29 UTC (rev 36218)
+++ trunk/blender/source/blender/editors/space_node/drawnode.c 2011-04-19 06:59:49 UTC (rev 36219)
@@ -518,7 +518,7 @@
PointerRNA scn_ptr;
PropertyRNA *prop;
const char *layer_name;
- char scene_name[19];
+ char scene_name[MAX_ID_NAME-2];
uiTemplateID(layout, C, ptr, "scene", NULL, NULL, NULL);
Modified: trunk/blender/source/blender/editors/space_outliner/outliner.c
===================================================================
--- trunk/blender/source/blender/editors/space_outliner/outliner.c 2011-04-19 06:37:29 UTC (rev 36218)
+++ trunk/blender/source/blender/editors/space_outliner/outliner.c 2011-04-19 06:59:49 UTC (rev 36219)
@@ -5665,7 +5665,7 @@
if(tselem->type==TSE_EBONE) len = sizeof(((EditBone*) 0)->name);
else if (tselem->type==TSE_MODIFIER) len = sizeof(((ModifierData*) 0)->name);
else if(tselem->id && GS(tselem->id->name)==ID_LI) len = sizeof(((Library*) 0)->name);
- else len= sizeof(((ID*) 0)->name)-2;
+ else len= MAX_ID_NAME-2;
dx= (int)UI_GetStringWidth(te->name);
Modified: trunk/blender/source/blender/makesrna/intern/rna_ID.c
===================================================================
--- trunk/blender/source/blender/makesrna/intern/rna_ID.c 2011-04-19 06:37:29 UTC (rev 36218)
+++ trunk/blender/source/blender/makesrna/intern/rna_ID.c 2011-04-19 06:59:49 UTC (rev 36219)
@@ -443,7 +443,7 @@
prop= RNA_def_property(srna, "name", PROP_STRING, PROP_NONE);
RNA_def_property_ui_text(prop, "Name", "Unique datablock ID name");
RNA_def_property_string_funcs(prop, "rna_ID_name_get", "rna_ID_name_length", "rna_ID_name_set");
- RNA_def_property_string_maxlength(prop, sizeof(((ID*)NULL)->name)-2);
+ RNA_def_property_string_maxlength(prop, MAX_ID_NAME-2);
RNA_def_property_editable_func(prop, "rna_ID_name_editable");
RNA_def_property_update(prop, NC_ID|NA_RENAME, NULL);
RNA_def_struct_name_property(srna, prop);
Modified: trunk/blender/source/blender/makesrna/intern/rna_curve.c
===================================================================
--- trunk/blender/source/blender/makesrna/intern/rna_curve.c 2011-04-19 06:37:29 UTC (rev 36218)
+++ trunk/blender/source/blender/makesrna/intern/rna_curve.c 2011-04-19 06:59:49 UTC (rev 36219)
@@ -947,7 +947,7 @@
/* strings */
prop= RNA_def_property(srna, "family", PROP_STRING, PROP_NONE);
- RNA_def_property_string_maxlength(prop, (sizeof((ID *)NULL)->name)-2);
+ RNA_def_property_string_maxlength(prop, MAX_ID_NAME-2);
@@ Diff output truncated at 10240 characters. @@
More information about the Bf-blender-cvs
mailing list