[Bf-blender-cvs] [4e9aadac5e7] master: Fix T70033: Crash editing keymap operator
Campbell Barton
noreply at git.blender.org
Thu Sep 19 09:19:29 CEST 2019
Commit: 4e9aadac5e7756b0bf3d313ec31cc85770347b8a
Author: Campbell Barton
Date: Thu Sep 19 17:15:19 2019 +1000
Branches: master
https://developer.blender.org/rB4e9aadac5e7756b0bf3d313ec31cc85770347b8a
Fix T70033: Crash editing keymap operator
Expanding operator names could buffer overrun.
===================================================================
M source/blender/windowmanager/intern/wm_operators.c
===================================================================
diff --git a/source/blender/windowmanager/intern/wm_operators.c b/source/blender/windowmanager/intern/wm_operators.c
index 9657347a1c4..6da9c13d1cf 100644
--- a/source/blender/windowmanager/intern/wm_operators.c
+++ b/source/blender/windowmanager/intern/wm_operators.c
@@ -140,13 +140,13 @@ void WM_operator_bl_idname(char *to, const char *from)
if (from) {
const char *sep = strchr(from, '.');
- if (sep) {
- int ofs = (sep - from);
-
+ int from_len;
+ if (sep && (from_len = strlen(from)) < OP_MAX_TYPENAME - 3) {
+ const int ofs = (sep - from);
memcpy(to, from, sizeof(char) * ofs);
BLI_str_toupper_ascii(to, ofs);
- strcpy(to + ofs, "_OT_");
- strcpy(to + (ofs + 4), sep + 1);
+ memcpy(to + ofs, "_OT_", 4);
+ memcpy(to + (ofs + 4), sep + 1, (from_len - ofs));
}
else {
/* should not happen but support just in case */
More information about the Bf-blender-cvs
mailing list