[Bf-blender-cvs] SVN commit: /data/svn/bf-blender [55799] trunk/blender/source/blender/ editors/space_console/console_ops.c: fix bad memmove size ( reading past buffer bounds)
Campbell Barton
ideasman42 at gmail.com
Fri Apr 5 05:44:08 CEST 2013
Revision: 55799
http://projects.blender.org/scm/viewvc.php?view=rev&root=bf-blender&revision=55799
Author: campbellbarton
Date: 2013-04-05 03:44:07 +0000 (Fri, 05 Apr 2013)
Log Message:
-----------
fix bad memmove size (reading past buffer bounds)
Modified Paths:
--------------
trunk/blender/source/blender/editors/space_console/console_ops.c
Modified: trunk/blender/source/blender/editors/space_console/console_ops.c
===================================================================
--- trunk/blender/source/blender/editors/space_console/console_ops.c 2013-04-05 01:28:38 UTC (rev 55798)
+++ trunk/blender/source/blender/editors/space_console/console_ops.c 2013-04-05 03:44:07 UTC (rev 55799)
@@ -225,7 +225,12 @@
{
/* resize the buffer if needed */
if (len >= ci->len_alloc) {
- int new_len = len * 2; /* new length */
+ /* new length */
+#ifndef NDEBUG
+ int new_len = len + 1;
+#else
+ int new_len = (len + 1) * 2;
+#endif
char *new_line = MEM_callocN(new_len, "console line");
memcpy(new_line, ci->line, ci->len);
MEM_freeN(ci->line);
@@ -582,7 +587,7 @@
stride = ci->cursor - pos;
if (stride) {
ci->cursor -= stride; /* same as above */
- memmove(ci->line + ci->cursor, ci->line + ci->cursor + stride, (ci->len - ci->cursor) + 1);
+ memmove(ci->line + ci->cursor, ci->line + ci->cursor + stride, (ci->len - (ci->cursor + stride)) + 1);
ci->len -= stride;
BLI_assert(ci->len >= 0);
done = TRUE;
More information about the Bf-blender-cvs
mailing list