[Bf-blender-cvs] SVN commit: /data/svn/bf-blender [40950] trunk/blender/source/blender/ blenlib/intern/path_util.c: fix for possible buffer overflow bug in BLI_join_dirfile(), recent fix didn' t account for the case when destination string and dir string matched.

Campbell Barton ideasman42 at gmail.com
Wed Oct 12 13:18:47 CEST 2011 

Revision: 40950
          http://projects.blender.org/scm/viewvc.php?view=rev&root=bf-blender&revision=40950
Author:   campbellbarton
Date:     2011-10-12 11:18:46 +0000 (Wed, 12 Oct 2011)
Log Message:
-----------
fix for possible buffer overflow bug in BLI_join_dirfile(), recent fix didn't account for the case when destination string and dir string matched.

Modified Paths:
--------------
    trunk/blender/source/blender/blenlib/intern/path_util.c

Modified: trunk/blender/source/blender/blenlib/intern/path_util.c
===================================================================
--- trunk/blender/source/blender/blenlib/intern/path_util.c	2011-10-12 06:11:21 UTC (rev 40949)
+++ trunk/blender/source/blender/blenlib/intern/path_util.c	2011-10-12 11:18:46 UTC (rev 40950)
@@ -1430,21 +1430,40 @@
 }
 
 /* simple appending of filename to dir, does not check for valid path! */
-void BLI_join_dirfile(char *string, const size_t maxlen, const char *dir, const char *file)
+void BLI_join_dirfile(char *dst, const size_t maxlen, const char *dir, const char *file)
 {
-	int sl_dir;
+	size_t dirlen= BLI_strnlen(dir, maxlen);
 
-	if(string != dir) /* compare pointers */
-		BLI_strncpy(string, dir, maxlen -(file ? 1 : 0));
+	if (dst != dir) {
+		if(dirlen  == maxlen) {
+			memcpy(dst, dir, dirlen);
+			dst[dirlen - 1]= '\0';
+			return; /* dir fills the path */
+		}
+		else {
+			memcpy(dst, dir, dirlen + 1);
+		}
+	}
 
-	if (!file)
+	if (dirlen + 1 >= maxlen) {
+		return; /* fills the path */
+	}
+
+	/* inline BLI_add_slash */
+	if (dst[dirlen - 1] != SEP) {
+		dst[dirlen++]= SEP;
+		dst[dirlen  ]= '\0';
+	}
+
+	if (dirlen >= maxlen) {
+		return; /* fills the path */
+	}
+
+	if (file == NULL) {
 		return;
+	}
 
-	sl_dir= BLI_add_slash(string);
-	
-	if (sl_dir < maxlen) {
-		BLI_strncpy(string + sl_dir, file, maxlen - sl_dir);
-	}
+	BLI_strncpy(dst + dirlen, file, maxlen - dirlen);
 }
 
 /* like pythons os.path.basename( ) */

More information about the Bf-blender-cvs mailing list