[Bf-blender-cvs] [8931c4b18d5] master: Fix possible buffer overflow from incorrect 'strncat' use
Campbell Barton
noreply at git.blender.org
Wed Mar 4 05:27:22 CET 2020
Commit: 8931c4b18d5e15366c755346f0c982698f661e6f
Author: Campbell Barton
Date: Wed Mar 4 15:12:36 2020 +1100
Branches: master
https://developer.blender.org/rB8931c4b18d5e15366c755346f0c982698f661e6f
Fix possible buffer overflow from incorrect 'strncat' use
The size argument is the maximum number of bytes to copy,
not the destination buffer size.
Replace with utility function that joins strings.
===================================================================
M source/blender/render/intern/source/render_result.c
===================================================================
diff --git a/source/blender/render/intern/source/render_result.c b/source/blender/render/intern/source/render_result.c
index b2225d70eaf..81395399134 100644
--- a/source/blender/render/intern/source/render_result.c
+++ b/source/blender/render/intern/source/render_result.c
@@ -35,6 +35,7 @@
#include "BLI_path_util.h"
#include "BLI_rect.h"
#include "BLI_string.h"
+#include "BLI_string_utils.h"
#include "BLI_threads.h"
#include "BKE_appdir.h"
@@ -181,26 +182,33 @@ void render_result_views_shallowdelete(RenderResult *rr)
static char *set_pass_name(char *outname, const char *name, int channel, const char *chan_id)
{
- BLI_strncpy(outname, name, EXR_PASS_MAXNAME);
+ const char *strings[2];
+ int strings_len = 0;
+ strings[strings_len++] = name;
+ char token[2];
if (channel >= 0) {
- char token[3] = {'.', chan_id[channel], '\0'};
- strncat(outname, token, EXR_PASS_MAXNAME);
+ ARRAY_SET_ITEMS(token, chan_id[channel], '\0');
+ strings[strings_len++] = token;
}
+ BLI_string_join_array_by_sep_char(outname, EXR_PASS_MAXNAME, '.', strings, strings_len);
return outname;
}
static void set_pass_full_name(
char *fullname, const char *name, int channel, const char *view, const char *chan_id)
{
- BLI_strncpy(fullname, name, EXR_PASS_MAXNAME);
+ const char *strings[3];
+ int strings_len = 0;
+ strings[strings_len++] = name;
if (view && view[0]) {
- strncat(fullname, ".", EXR_PASS_MAXNAME);
- strncat(fullname, view, EXR_PASS_MAXNAME);
+ strings[strings_len++] = view;
}
+ char token[2];
if (channel >= 0) {
- char token[3] = {'.', chan_id[channel], '\0'};
- strncat(fullname, token, EXR_PASS_MAXNAME);
+ ARRAY_SET_ITEMS(token, chan_id[channel], '\0');
+ strings[strings_len++] = token;
}
+ BLI_string_join_array_by_sep_char(fullname, EXR_PASS_MAXNAME, '.', strings, strings_len);
}
/********************************** New **************************************/
More information about the Bf-blender-cvs
mailing list