[Bf-blender-cvs] SVN commit: /data/svn/bf-blender [51660] trunk/blender/source/blender/ makesrna/intern/rna_wm.c: Fix for a nasty (and dangerous, buffer overflow) bug that quite oddly seems to have never shown its ugly face until today ( at least for me)...

Bastien Montagne montagne29 at wanadoo.fr
Fri Oct 26 16:45:57 CEST 2012


Revision: 51660
          http://projects.blender.org/scm/viewvc.php?view=rev&root=bf-blender&revision=51660
Author:   mont29
Date:     2012-10-26 14:45:56 +0000 (Fri, 26 Oct 2012)
Log Message:
-----------
Fix for a nasty (and dangerous, buffer overflow) bug that quite oddly seems to have never shown its ugly face until today (at least for me)... It was revealed by mocap's addon stupidly long operators label names (fix comming in next commit): the rna_Operator_bl_idname_set() and rna_Operator_bl_label_set() were clamping there string copy to RNA_DYN_DESCR_MAX instead of OP_MAX_TYPENAME!

Modified Paths:
--------------
    trunk/blender/source/blender/makesrna/intern/rna_wm.c

Modified: trunk/blender/source/blender/makesrna/intern/rna_wm.c
===================================================================
--- trunk/blender/source/blender/makesrna/intern/rna_wm.c	2012-10-26 13:15:14 UTC (rev 51659)
+++ trunk/blender/source/blender/makesrna/intern/rna_wm.c	2012-10-26 14:45:56 UTC (rev 51660)
@@ -1251,24 +1251,30 @@
 {
 	wmOperator *data = (wmOperator *)(ptr->data);
 	char *str = (char *)data->type->idname;
-	if (!str[0]) BLI_strncpy(str, value, RNA_DYN_DESCR_MAX);    /* utf8 already ensured */
-	else assert(!"setting the bl_idname on a non-builtin operator");
+	if (!str[0])
+		BLI_strncpy(str, value, OP_MAX_TYPENAME);    /* utf8 already ensured */
+	else
+		assert(!"setting the bl_idname on a non-builtin operator");
 }
 
 static void rna_Operator_bl_label_set(PointerRNA *ptr, const char *value)
 {
 	wmOperator *data = (wmOperator *)(ptr->data);
 	char *str = (char *)data->type->name;
-	if (!str[0]) BLI_strncpy(str, value, RNA_DYN_DESCR_MAX);    /* utf8 already ensured */
-	else assert(!"setting the bl_label on a non-builtin operator");
+	if (!str[0])
+		BLI_strncpy(str, value, OP_MAX_TYPENAME);    /* utf8 already ensured */
+	else
+		assert(!"setting the bl_label on a non-builtin operator");
 }
 
 static void rna_Operator_bl_description_set(PointerRNA *ptr, const char *value)
 {
 	wmOperator *data = (wmOperator *)(ptr->data);
 	char *str = (char *)data->type->description;
-	if (!str[0]) BLI_strncpy(str, value, RNA_DYN_DESCR_MAX);    /* utf8 already ensured */
-	else assert(!"setting the bl_description on a non-builtin operator");
+	if (!str[0])
+		BLI_strncpy(str, value, RNA_DYN_DESCR_MAX);    /* utf8 already ensured */
+	else
+		assert(!"setting the bl_description on a non-builtin operator");
 }
 
 static void rna_KeyMapItem_update(Main *UNUSED(bmain), Scene *UNUSED(scene), PointerRNA *ptr)




More information about the Bf-blender-cvs mailing list