[Bf-blender-cvs] [66aa4af] master: Fix T47252: FileBrowser: buffer overflow with scripts defining too long 'filter_glob' string.

Bastien Montagne noreply at git.blender.org
Wed Jan 27 18:10:12 CET 2016


Commit: 66aa4af83611de2c59d9e8ab4ded1b48bec4a635
Author: Bastien Montagne
Date:   Wed Jan 27 18:04:50 2016 +0100
Branches: master
https://developer.blender.org/rB66aa4af83611de2c59d9e8ab4ded1b48bec4a635

Fix T47252: FileBrowser: buffer overflow with scripts defining too long 'filter_glob' string.

Fixed this with three changes:
* filter_glob is now 255 char max (63 could be a bit limited in some rare cases).
* IO templates now explicitly define the max length of that property (so that scripters are aware of the limit).
* ED_fileselect_set_params() is now safe regarding too long strings from a 'filter_glob' op property.

===================================================================

M	release/scripts/templates_py/operator_file_export.py
M	release/scripts/templates_py/operator_file_import.py
M	source/blender/editors/space_file/filelist.c
M	source/blender/editors/space_file/filesel.c
M	source/blender/makesdna/DNA_space_types.h

===================================================================

diff --git a/release/scripts/templates_py/operator_file_export.py b/release/scripts/templates_py/operator_file_export.py
index 9511cb1..38c8806 100644
--- a/release/scripts/templates_py/operator_file_export.py
+++ b/release/scripts/templates_py/operator_file_export.py
@@ -28,6 +28,7 @@ class ExportSomeData(Operator, ExportHelper):
     filter_glob = StringProperty(
             default="*.txt",
             options={'HIDDEN'},
+            maxlen=255,  # Max internal buffer length, longer would be clamped.
             )
 
     # List of operator properties, the attributes will be assigned
diff --git a/release/scripts/templates_py/operator_file_import.py b/release/scripts/templates_py/operator_file_import.py
index 9940a1b..0ec5754 100644
--- a/release/scripts/templates_py/operator_file_import.py
+++ b/release/scripts/templates_py/operator_file_import.py
@@ -31,6 +31,7 @@ class ImportSomeData(Operator, ImportHelper):
     filter_glob = StringProperty(
             default="*.txt",
             options={'HIDDEN'},
+            maxlen=255,  # Max internal buffer length, longer would be clamped.
             )
 
     # List of operator properties, the attributes will be assigned
diff --git a/source/blender/editors/space_file/filelist.c b/source/blender/editors/space_file/filelist.c
index 98eed5b..207879c 100644
--- a/source/blender/editors/space_file/filelist.c
+++ b/source/blender/editors/space_file/filelist.c
@@ -270,7 +270,7 @@ typedef struct FileListEntryPreview {
 typedef struct FileListFilter {
 	unsigned int filter;
 	unsigned int filter_id;
-	char filter_glob[64];
+	char filter_glob[256];
 	char filter_search[66];  /* + 2 for heading/trailing implicit '*' wildcards. */
 	short flags;
 } FileListFilter;
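Review bot: The new `filter_glob[256]` is a bare literal that has to stay in step with `FileSelectParams.filter_glob` in DNA_space_types.h (resized to 256 in the last hunk of this commit) and with `maxlen=255` in the two Python templates, and nothing visible ties these values together. If the params string is copied into this struct elsewhere in filelist.c (not shown in the hunk), resizing only one side later would bring back truncation, or an overflow, depending on how that copy is bounded. A shared named constant for the two C fields would make the coupling explicit. Failing that, a comment on each field such as `/* Must match FileSelectParams.filter_glob size. */` would do.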
diff --git a/source/blender/editors/space_file/filesel.c b/source/blender/editors/space_file/filesel.c
index a83cae6..981b101 100644
--- a/source/blender/editors/space_file/filesel.c
+++ b/source/blender/editors/space_file/filesel.c
@@ -186,7 +186,13 @@ short ED_fileselect_set_params(SpaceFile *sfile)
 		if ((prop = RNA_struct_find_property(op->ptr, "filter_collada")))
 			params->filter |= RNA_property_boolean_get(op->ptr, prop) ? FILE_TYPE_COLLADA : 0;
 		if ((prop = RNA_struct_find_property(op->ptr, "filter_glob"))) {
-			RNA_property_string_get(op->ptr, prop, params->filter_glob);
+			/* Protection against pyscripts not setting proper size limit... */
+			char *tmp = RNA_property_string_get_alloc(
+			                op->ptr, prop, params->filter_glob, sizeof(params->filter_glob), NULL);
+			if (tmp != params->filter_glob) {
+				BLI_strncpy(params->filter_glob, tmp, sizeof(params->filter_glob));
+				MEM_freeN(tmp);
+			}
 			params->filter |= (FILE_TYPE_OPERATOR | FILE_TYPE_FOLDER);
 		}
 		else {
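Review bot: Truncation is silent in the `tmp != params->filter_glob` branch: an over-long glob list is cut at the buffer size, possibly mid-pattern, so the browser would filter on different patterns than the script asked for, with no indication why. A one-line diagnostic in that branch would make this debuggable, e.g. `printf("%s: 'filter_glob' too long, truncated to %d bytes\n", __func__, (int)sizeof(params->filter_glob) - 1);`. The existing comment could also say that `RNA_property_string_get_alloc()` returns the fixed buffer when the value fits and a heap copy otherwise, which is why the pointer comparison decides whether to copy and free. ED_fileselect_set_params() begins and continues outside this hunk, so if it has other `RNA_property_string_get()` calls into fixed-size `params` fields, they would need the same bounded read.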
diff --git a/source/blender/makesdna/DNA_space_types.h b/source/blender/makesdna/DNA_space_types.h
index b0f165b..48ad597 100644
--- a/source/blender/makesdna/DNA_space_types.h
+++ b/source/blender/makesdna/DNA_space_types.h
@@ -591,7 +591,7 @@ typedef struct FileSelectParams {
 	char renamefile[256];
 	char renameedit[256]; /* annoying but the first is only used for initialization */
 
-	char filter_glob[64]; /* list of filetypes to filter */
+	char filter_glob[256]; /* list of filetypes to filter */
 
 	char filter_search[64];  /* text items' name must match to be shown. */
 	int filter_id;  /* same as filter, but for ID types (aka library groups). */



