[Bf-blender-cvs] [e4ab526] master: Make reading previews from .blend file more robust.

Wed Jun 3 16:43:58 CEST 2015

Commit: e4ab526ad186973455da72a9a27959c16ebd470e
Author: Bastien Montagne
Date:   Wed Jun 3 16:42:08 2015 +0200
Branches: master
https://developer.blender.org/rBe4ab526ad186973455da72a9a27959c16ebd470e

Make reading previews from .blend file more robust.

Hit a case here where rect pointer was not NULL, when h & w were both zero...
Shall not happen, but better not crash on such cases!

===================================================================

M	source/blender/blenloader/intern/readblenentry.c

===================================================================

diff --git a/source/blender/blenloader/intern/readblenentry.c b/source/blender/blenloader/intern/readblenentry.c
index 9544015..20ec27a 100644
--- a/source/blender/blenloader/intern/readblenentry.c
+++ b/source/blender/blenloader/intern/readblenentry.c
@@ -176,26 +176,38 @@ LinkNode *BLO_blendhandle_get_previews(BlendHandle *bh, int ofblocktype, int *to
 					prv = BLO_library_read_struct(fd, bhead, "PreviewImage");
 					if (prv) {
 						memcpy(new_prv, prv, sizeof(PreviewImage));
-						if (prv->rect[0]) {
+						if (prv->rect[0] && prv->w[0] && prv->h[0]) {
 							unsigned int *rect = NULL;
-							new_prv->rect[0] = MEM_callocN(new_prv->w[0] * new_prv->h[0] * sizeof(unsigned int), "prvrect");
+							size_t len = new_prv->w[0] * new_prv->h[0] * sizeof(unsigned int);
+							new_prv->rect[0] = MEM_callocN(len, __func__);
 							bhead = blo_nextbhead(fd, bhead);
 							rect = (unsigned int *)(bhead + 1);
-							memcpy(new_prv->rect[0], rect, bhead->len);
+							BLI_assert(len == bhead->len);
+							memcpy(new_prv->rect[0], rect, len);
 						}
 						else {
+							/* This should not be needed, but can happen in 'broken' .blend files,
+							 * better handle this gracefully than crashing. */
+							BLI_assert(prv->rect[0] == NULL && prv->w[0] == 0 && prv->h[0] == 0);
 							new_prv->rect[0] = NULL;
+							new_prv->w[0] = new_prv->h[0] = 0;
 						}
 						
-						if (prv->rect[1]) {
+						if (prv->rect[1] && prv->w[1] && prv->h[1]) {
 							unsigned int *rect = NULL;
-							new_prv->rect[1] = MEM_callocN(new_prv->w[1] * new_prv->h[1] * sizeof(unsigned int), "prvrect");
+							size_t len = new_prv->w[1] * new_prv->h[1] * sizeof(unsigned int);
+							new_prv->rect[1] = MEM_callocN(len, __func__);
 							bhead = blo_nextbhead(fd, bhead);
 							rect = (unsigned int *)(bhead + 1);
-							memcpy(new_prv->rect[1], rect, bhead->len);
+							BLI_assert(len == bhead->len);
+							memcpy(new_prv->rect[1], rect, len);
 						}
 						else {
+							/* This should not be needed, but can happen in 'broken' .blend files,
+							 * better handle this gracefully than crashing. */
+							BLI_assert(prv->rect[1] == NULL && prv->w[1] == 0 && prv->h[1] == 0);
 							new_prv->rect[1] = NULL;
+							new_prv->w[1] = new_prv->h[1] = 0;
 						}
 						MEM_freeN(prv);
 					}


