[Bf-blender-cvs] [9ddb857c7a9] workspaces: Fix buffer overrun when setting the name
Campbell Barton
noreply at git.blender.org
Mon May 1 17:14:24 CEST 2017
Commit: 9ddb857c7a9b9ea7ae55ef39879497676d6d8e71
Author: Campbell Barton
Date: Tue May 2 01:18:44 2017 +1000
Branches: workspaces
https://developer.blender.org/rB9ddb857c7a9b9ea7ae55ef39879497676d6d8e71
Fix buffer overrun when setting the name
Would happen on default startup file. String allocations were set to
`but->hardmax + 1`, not `items->maxstrlen`.
===================================================================
M source/blender/editors/interface/interface_regions.c
===================================================================
diff --git a/source/blender/editors/interface/interface_regions.c b/source/blender/editors/interface/interface_regions.c
index 475ab0fc1c2..cae25ade657 100644
--- a/source/blender/editors/interface/interface_regions.c
+++ b/source/blender/editors/interface/interface_regions.c
@@ -794,8 +794,12 @@ bool UI_search_item_add(uiSearchItems *items, const char *name, void *poin, int
return true;
}
- if (items->names)
- BLI_strncpy(items->names[items->totitem], name, items->maxstrlen);
+ if (items->names) {
+ MEM_freeN(items->names[items->totitem]);
+ int name_len = min_ii(strlen(name) + 1, items->maxstrlen);
+ items->names[items->totitem] = MEM_mallocN(name_len, __func__);
+ BLI_strncpy(items->names[items->totitem], name, name_len);
+ }
if (items->pointers)
items->pointers[items->totitem] = poin;
if (items->icons)
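Review bot: In the new `if (items->names) {` block, each slot is now reallocated to exactly `name_len` bytes, so its capacity can be smaller than both `items->maxstrlen` and the `but->hardmax + 1` size the commit message says the slots were originally allocated with. Any other code that writes into `items->names[i]` assuming either of those sizes would then overrun the smaller buffer, so please confirm there is no such writer, or keep the original allocation and clamp the copy length to the allocated size instead. Also in this block, `MEM_freeN(items->names[items->totitem])` assumes the slot always holds a live allocation, and the `MEM_mallocN` result is passed to `BLI_strncpy` without a NULL check. `strlen(name) + 1` is a `size_t` narrowed through `min_ii` into `int name_len`, and a short comment on why the slot is freed and reallocated per item would help the next reader.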