[Bf-blender-cvs] [9ddb857c7a9] workspaces: Fix buffer overrun when setting the name

Campbell Barton noreply at git.blender.org
Mon May 1 17:14:24 CEST 2017


Commit: 9ddb857c7a9b9ea7ae55ef39879497676d6d8e71
Author: Campbell Barton
Date:   Tue May 2 01:18:44 2017 +1000
Branches: workspaces
https://developer.blender.org/rB9ddb857c7a9b9ea7ae55ef39879497676d6d8e71

Fix buffer overrun when setting the name

Would happen on default startup file. String allocations were set to
`but->hardmax + 1`, not `items->maxstrlen`

===================================================================

M	source/blender/editors/interface/interface_regions.c

===================================================================

diff --git a/source/blender/editors/interface/interface_regions.c b/source/blender/editors/interface/interface_regions.c
index 475ab0fc1c2..cae25ade657 100644
--- a/source/blender/editors/interface/interface_regions.c
+++ b/source/blender/editors/interface/interface_regions.c
@@ -794,8 +794,12 @@ bool UI_search_item_add(uiSearchItems *items, const char *name, void *poin, int
 		return true;
 	}
 	
-	if (items->names)
-		BLI_strncpy(items->names[items->totitem], name, items->maxstrlen);
+	if (items->names) {
+		MEM_freeN(items->names[items->totitem]);
+		int name_len = min_ii(strlen(name) + 1, items->maxstrlen);
+		items->names[items->totitem] = MEM_mallocN(name_len, __func__);
+		BLI_strncpy(items->names[items->totitem], name, name_len);
+	}
 	if (items->pointers)
 		items->pointers[items->totitem] = poin;
 	if (items->icons)
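
Review bot: The buffer allocated in the new `if (items->names)` block is sized to this one name (`min_ii(strlen(name) + 1, items->maxstrlen)`), so `items->names[i]` is no longer guaranteed to hold `items->maxstrlen` bytes. Any other code that writes into these slots with `items->maxstrlen` as the bound would overrun the smaller buffer. Please either check that no such writer remains or keep one consistent size for every slot (allocate `items->maxstrlen` here, or fix the original `but->hardmax + 1` allocation so it matches) and say in a comment which size is the contract. Two smaller points in the same block: `strlen(name) + 1` is a `size_t` that gets narrowed to `int` through `min_ii`, so clamp it as `size_t` before converting; and the unconditional `MEM_freeN(items->names[items->totitem])` assumes every slot was allocated beforehand, which deserves a comment or a NULL check.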
