[Bf-blender-cvs] SVN commit: /data/svn/bf-blender [36219] trunk/blender/source/blender: Some strings to store ID names were too small, could cause stack corruption.

Campbell Barton ideasman42 at gmail.com
Tue Apr 19 08:59:49 CEST 2011


Revision: 36219
          http://projects.blender.org/scm/viewvc.php?view=rev&root=bf-blender&revision=36219
Author:   campbellbarton
Date:     2011-04-19 06:59:49 +0000 (Tue, 19 Apr 2011)
Log Message:
-----------
Some buffers used to store ID names were too small, which could cause stack corruption.
Corrected these and replaced 'sizeof(((ID *)NULL)->name)-2' with 'MAX_ID_NAME-2'.

Modified Paths:
--------------
    trunk/blender/source/blender/blenkernel/intern/library.c
    trunk/blender/source/blender/editors/interface/interface.c
    trunk/blender/source/blender/editors/interface/interface_utils.c
    trunk/blender/source/blender/editors/object/object_relations.c
    trunk/blender/source/blender/editors/render/render_internal.c
    trunk/blender/source/blender/editors/screen/screen_edit.c
    trunk/blender/source/blender/editors/sound/sound_ops.c
    trunk/blender/source/blender/editors/space_image/image_ops.c
    trunk/blender/source/blender/editors/space_node/drawnode.c
    trunk/blender/source/blender/editors/space_outliner/outliner.c
    trunk/blender/source/blender/makesrna/intern/rna_ID.c
    trunk/blender/source/blender/makesrna/intern/rna_curve.c
    trunk/blender/source/blender/python/generic/bpy_internal_import.c

Modified: trunk/blender/source/blender/blenkernel/intern/library.c
===================================================================
--- trunk/blender/source/blender/blenkernel/intern/library.c	2011-04-19 06:37:29 UTC (rev 36218)
+++ trunk/blender/source/blender/blenkernel/intern/library.c	2011-04-19 06:59:49 UTC (rev 36219)
@@ -1157,7 +1157,7 @@
 int new_id(ListBase *lb, ID *id, const char *tname)
 {
 	int result;
-	char name[22];
+	char name[MAX_ID_NAME-2];
 
 	/* if library, don't rename */
 	if(id->lib) return 0;
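Review bot: Resizing `name` to `MAX_ID_NAME-2` closes the overflow only if every write into it further down in new_id() is bounded by `sizeof(name)`; those writes are outside this hunk, so confirm that before relying on the fix. The new size appears to match the name part of `ID.name` (the field minus its two-byte prefix, judging by the `offsetof(ID, name) + 2` lookups elsewhere in this commit). That is worth stating on the declaration: `char name[MAX_ID_NAME-2]; /* ID name without the 2-byte prefix, terminator included */`. The same applies to `newname` in screen_edit.c, `name` in the first image_ops.c hunk and `scene_name` in drawnode.c, whose writes are also not visible in their hunks.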

Modified: trunk/blender/source/blender/editors/interface/interface.c
===================================================================
--- trunk/blender/source/blender/editors/interface/interface.c	2011-04-19 06:37:29 UTC (rev 36218)
+++ trunk/blender/source/blender/editors/interface/interface.c	2011-04-19 06:59:49 UTC (rev 36219)
@@ -1390,7 +1390,7 @@
 	if(ELEM(but->type, TEX, SEARCH_MENU))
 		return but->hardmax;
 	else if(but->type == IDPOIN)
-		return sizeof(((ID*)NULL)->name)-2;
+		return MAX_ID_NAME-2;
 	else
 		return UI_MAX_DRAW_STR;
 }

Modified: trunk/blender/source/blender/editors/interface/interface_utils.c
===================================================================
--- trunk/blender/source/blender/editors/interface/interface_utils.c	2011-04-19 06:37:29 UTC (rev 36218)
+++ trunk/blender/source/blender/editors/interface/interface_utils.c	2011-04-19 06:59:49 UTC (rev 36219)
@@ -52,7 +52,7 @@
 {
 	uiBut *but=NULL;
 	const char *propname= RNA_property_identifier(prop);
-	char prop_item[sizeof(((IDProperty *)NULL)->name)+4]; /* size of the ID prop name + room for [""] */
+	char prop_item[MAX_IDPROP_NAME+4]; /* size of the ID prop name + room for [""] */
 	int arraylen= RNA_property_array_length(ptr, prop);
 
 	/* support for custom props */
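Review bot: With `sizeof(((IDProperty *)NULL)->name)` replaced by `MAX_IDPROP_NAME`, the size of `prop_item` no longer follows the struct field automatically. It stays correct only while the field is declared with exactly that constant, and the declaration is not visible here. I would record the dependency in the comment: `/* MAX_IDPROP_NAME must equal sizeof(IDProperty.name); +4 leaves room for [""] */`, and ideally back it with a compile-time size check next to the macro definition. The same coupling now exists for every `MAX_ID_NAME-2` that replaces `sizeof(((ID *)NULL)->name)-2` in the other files of this commit. The code that fills `prop_item` lies below the hunk, so its bound could not be checked.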

Modified: trunk/blender/source/blender/editors/object/object_relations.c
===================================================================
--- trunk/blender/source/blender/editors/object/object_relations.c	2011-04-19 06:37:29 UTC (rev 36218)
+++ trunk/blender/source/blender/editors/object/object_relations.c	2011-04-19 06:59:49 UTC (rev 36219)
@@ -402,7 +402,7 @@
 	ot->flag= OPTYPE_REGISTER|OPTYPE_UNDO;
 	
 	/* properties */
-	RNA_def_string(ot->srna, "object", "", sizeof(((ID *)NULL)->name)-2, "Proxy Object", "Name of lib-linked/grouped object to make a proxy for.");
+	RNA_def_string(ot->srna, "object", "", MAX_ID_NAME-2, "Proxy Object", "Name of lib-linked/grouped object to make a proxy for.");
 	prop= RNA_def_enum(ot->srna, "type", DummyRNA_DEFAULT_items, 0, "Type", "Group object"); /* XXX, relies on hard coded ID at the moment */
 	RNA_def_enum_funcs(prop, proxy_group_object_itemf);
 	ot->prop= prop;

Modified: trunk/blender/source/blender/editors/render/render_internal.c
===================================================================
--- trunk/blender/source/blender/editors/render/render_internal.c	2011-04-19 06:37:29 UTC (rev 36218)
+++ trunk/blender/source/blender/editors/render/render_internal.c	2011-04-19 06:59:49 UTC (rev 36219)
@@ -736,7 +736,7 @@
 	if(RNA_property_is_set(op->ptr, "layer")) {
 		SceneRenderLayer *rl;
 		Scene *scn;
-		char scene_name[19], rl_name[RE_MAXNAME];
+		char scene_name[MAX_ID_NAME-2], rl_name[RE_MAXNAME];
 
 		RNA_string_get(op->ptr, "layer", rl_name);
 		RNA_string_get(op->ptr, "scene", scene_name);
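Review bot: `RNA_string_get(op->ptr, "scene", scene_name)` takes no destination size, so the write into `scene_name` (and into `rl_name`) is bounded only by whatever limit the property itself enforces. The 828 hunk declares "scene" with `MAX_ID_NAME-2`, so the two sizes agree after this commit, but nothing ties them together. Whether that maxlength counts the terminator, or is enforced when the property is set from a script, is also not visible here. I would guard the copy with `if(RNA_string_length(op->ptr, "scene") >= (int)sizeof(scene_name)) return OPERATOR_CANCELLED;` (adapting the return to the enclosing function, which starts and ends outside the hunk), or at least add `/* size must match the maxlength given to RNA_def_string() for "scene" */`. The same unbounded pattern is used for `sndname` in sound_ops.c and `imaname` in image_ops.c.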
@@ -828,7 +828,7 @@
 	RNA_def_boolean(ot->srna, "animation", 0, "Animation", "Render files from the animation range of this scene");
 	RNA_def_boolean(ot->srna, "write_still", 0, "Write Image", "Save rendered the image to the output path (used only when animation is disabled)");
 	RNA_def_string(ot->srna, "layer", "", RE_MAXNAME, "Render Layer", "Single render layer to re-render");
-	RNA_def_string(ot->srna, "scene", "", sizeof(((ID *)NULL)->name)-2, "Scene", "Re-render single layer in this scene");
+	RNA_def_string(ot->srna, "scene", "", MAX_ID_NAME-2, "Scene", "Re-render single layer in this scene");
 }
 
 /* ****************************** opengl render *************************** */

Modified: trunk/blender/source/blender/editors/screen/screen_edit.c
===================================================================
--- trunk/blender/source/blender/editors/screen/screen_edit.c	2011-04-19 06:37:29 UTC (rev 36218)
+++ trunk/blender/source/blender/editors/screen/screen_edit.c	2011-04-19 06:59:49 UTC (rev 36219)
@@ -1627,7 +1627,7 @@
 	}
 	else {
 		ScrArea *newa;
-		char newname[20];
+		char newname[MAX_ID_NAME-2];
 
 		oldscreen= win->screen;
 

Modified: trunk/blender/source/blender/editors/sound/sound_ops.c
===================================================================
--- trunk/blender/source/blender/editors/sound/sound_ops.c	2011-04-19 06:37:29 UTC (rev 36218)
+++ trunk/blender/source/blender/editors/sound/sound_ops.c	2011-04-19 06:59:49 UTC (rev 36219)
@@ -219,7 +219,7 @@
 
 	/* find the suppplied image by name */
 	if (RNA_property_is_set(op->ptr, "id")) {
-		char sndname[22];
+		char sndname[MAX_ID_NAME-2];
 		RNA_string_get(op->ptr, "id", sndname);
 		sound = BLI_findstring(&CTX_data_main(C)->sound, sndname, offsetof(ID, name) + 2);
 	}
@@ -276,7 +276,7 @@
 
 	/* properties */
 	RNA_def_enum(ot->srna, "method", unpack_method_items, PF_USE_LOCAL, "Method", "How to unpack.");
-	RNA_def_string(ot->srna, "id", "", sizeof(((ID *)NULL)->name)-2, "Sound Name", "Sound datablock name to unpack."); /* XXX, weark!, will fail with library, name collisions */
+	RNA_def_string(ot->srna, "id", "", MAX_ID_NAME-2, "Sound Name", "Sound datablock name to unpack."); /* XXX, weark!, will fail with library, name collisions */
 }
 
 /* ******************************************************* */

Modified: trunk/blender/source/blender/editors/space_image/image_ops.c
===================================================================
--- trunk/blender/source/blender/editors/space_image/image_ops.c	2011-04-19 06:37:29 UTC (rev 36218)
+++ trunk/blender/source/blender/editors/space_image/image_ops.c	2011-04-19 06:59:49 UTC (rev 36219)
@@ -1279,7 +1279,7 @@
 	Image *ima;
 	PointerRNA ptr, idptr;
 	PropertyRNA *prop;
-	char name[22];
+	char name[MAX_ID_NAME-2];
 	float color[4];
 	int width, height, floatbuf, uvtestgrid, alpha;
 
@@ -1352,7 +1352,7 @@
 	ot->flag= OPTYPE_UNDO;
 
 	/* properties */
-	RNA_def_string(ot->srna, "name", "untitled", sizeof(((ID *)NULL)->name)-2, "Name", "Image datablock name.");
+	RNA_def_string(ot->srna, "name", "untitled", MAX_ID_NAME-2, "Name", "Image datablock name.");
 	RNA_def_int(ot->srna, "width", 1024, 1, INT_MAX, "Width", "Image width.", 1, 16384);
 	RNA_def_int(ot->srna, "height", 1024, 1, INT_MAX, "Height", "Image height.", 1, 16384);
 	prop= RNA_def_float_color(ot->srna, "color", 4, NULL, 0.0f, FLT_MAX, "Color", "Default fill color.", 0.0f, 1.0f);
@@ -1538,7 +1538,7 @@
 
 	/* find the suppplied image by name */
 	if (RNA_property_is_set(op->ptr, "id")) {
-		char imaname[22];
+		char imaname[MAX_ID_NAME-2];
 		RNA_string_get(op->ptr, "id", imaname);
 		ima = BLI_findstring(&CTX_data_main(C)->image, imaname, offsetof(ID, name) + 2);
 		if (!ima) ima = CTX_data_edit_image(C);
@@ -1604,7 +1604,7 @@
 	
 	/* properties */
 	RNA_def_enum(ot->srna, "method", unpack_method_items, PF_USE_LOCAL, "Method", "How to unpack.");
-	RNA_def_string(ot->srna, "id", "", sizeof(((ID *)NULL)->name)-2, "Image Name", "Image datablock name to unpack."); /* XXX, weark!, will fail with library, name collisions */
+	RNA_def_string(ot->srna, "id", "", MAX_ID_NAME-2, "Image Name", "Image datablock name to unpack."); /* XXX, weark!, will fail with library, name collisions */
 }
 
 /******************** sample image operator ********************/

Modified: trunk/blender/source/blender/editors/space_node/drawnode.c
===================================================================
--- trunk/blender/source/blender/editors/space_node/drawnode.c	2011-04-19 06:37:29 UTC (rev 36218)
+++ trunk/blender/source/blender/editors/space_node/drawnode.c	2011-04-19 06:59:49 UTC (rev 36219)
@@ -518,7 +518,7 @@
 	PointerRNA scn_ptr;
 	PropertyRNA *prop;
 	const char *layer_name;
-	char scene_name[19];
+	char scene_name[MAX_ID_NAME-2];
 	
 	uiTemplateID(layout, C, ptr, "scene", NULL, NULL, NULL);
 	

Modified: trunk/blender/source/blender/editors/space_outliner/outliner.c
===================================================================
--- trunk/blender/source/blender/editors/space_outliner/outliner.c	2011-04-19 06:37:29 UTC (rev 36218)
+++ trunk/blender/source/blender/editors/space_outliner/outliner.c	2011-04-19 06:59:49 UTC (rev 36219)
@@ -5665,7 +5665,7 @@
 				if(tselem->type==TSE_EBONE) len = sizeof(((EditBone*) 0)->name);
 				else if (tselem->type==TSE_MODIFIER) len = sizeof(((ModifierData*) 0)->name);
 				else if(tselem->id && GS(tselem->id->name)==ID_LI) len = sizeof(((Library*) 0)->name);
-				else len= sizeof(((ID*) 0)->name)-2;
+				else len= MAX_ID_NAME-2;
 				
 
 				dx= (int)UI_GetStringWidth(te->name);

Modified: trunk/blender/source/blender/makesrna/intern/rna_ID.c
===================================================================
--- trunk/blender/source/blender/makesrna/intern/rna_ID.c	2011-04-19 06:37:29 UTC (rev 36218)
+++ trunk/blender/source/blender/makesrna/intern/rna_ID.c	2011-04-19 06:59:49 UTC (rev 36219)
@@ -443,7 +443,7 @@
 	prop= RNA_def_property(srna, "name", PROP_STRING, PROP_NONE);
 	RNA_def_property_ui_text(prop, "Name", "Unique datablock ID name");
 	RNA_def_property_string_funcs(prop, "rna_ID_name_get", "rna_ID_name_length", "rna_ID_name_set");
-	RNA_def_property_string_maxlength(prop, sizeof(((ID*)NULL)->name)-2);
+	RNA_def_property_string_maxlength(prop, MAX_ID_NAME-2);
 	RNA_def_property_editable_func(prop, "rna_ID_name_editable");
 	RNA_def_property_update(prop, NC_ID|NA_RENAME, NULL);
 	RNA_def_struct_name_property(srna, prop);

Modified: trunk/blender/source/blender/makesrna/intern/rna_curve.c
===================================================================
--- trunk/blender/source/blender/makesrna/intern/rna_curve.c	2011-04-19 06:37:29 UTC (rev 36218)
+++ trunk/blender/source/blender/makesrna/intern/rna_curve.c	2011-04-19 06:59:49 UTC (rev 36219)
@@ -947,7 +947,7 @@
 	
 	/* strings */
 	prop= RNA_def_property(srna, "family", PROP_STRING, PROP_NONE);
-	RNA_def_property_string_maxlength(prop, (sizeof((ID *)NULL)->name)-2);
+	RNA_def_property_string_maxlength(prop, MAX_ID_NAME-2);

@@ Diff output truncated at 10240 characters. @@


