[Bf-blender-cvs] [8926b09fa9a] blender-v2.83-release: Fix T81421: "Saving As..." a blend file with a Script node file path filled with 1023 symbols crashes Blender.
Bastien Montagne
noreply at git.blender.org
Wed Oct 28 09:55:52 CET 2020
Commit: 8926b09fa9a065912aa0237015c6085200834cd3
Author: Bastien Montagne
Date: Mon Oct 26 16:31:11 2020 +0100
Branches: blender-v2.83-release
https://developer.blender.org/rB8926b09fa9a065912aa0237015c6085200834cd3
Fix T81421: "Saving As..." a blend file with a Script node file path filled with 1023 symbols crashes Blender.
Usual lack of protection against buffer overflows when manipulating
strings.
Also add some basic tests for `BLI_path_rel`.
===================================================================
M source/blender/blenlib/intern/path_util.c
M tests/gtests/blenlib/BLI_path_util_test.cc
===================================================================
diff --git a/source/blender/blenlib/intern/path_util.c b/source/blender/blenlib/intern/path_util.c
index 2f51b66725b..80ed7776c06 100644
--- a/source/blender/blenlib/intern/path_util.c
+++ b/source/blender/blenlib/intern/path_util.c
@@ -641,7 +641,7 @@ void BLI_path_rel(char *file, const char *relfile)
}
/* don't copy the slash at the beginning */
- r += BLI_strcpy_rlen(r, q + 1);
+ r += BLI_strncpy_rlen(r, q + 1, FILE_MAX - (r - res));
#ifdef WIN32
BLI_str_replace_char(res + 2, '/', '\\');
diff --git a/tests/gtests/blenlib/BLI_path_util_test.cc b/tests/gtests/blenlib/BLI_path_util_test.cc
index 480d48d6080..edc2b1189fe 100644
--- a/tests/gtests/blenlib/BLI_path_util_test.cc
+++ b/tests/gtests/blenlib/BLI_path_util_test.cc
@@ -633,3 +633,53 @@ TEST(path_util, PathExtension)
EXPECT_STREQ(".abc", BLI_path_extension("C:\\some.def\\file.abc"));
EXPECT_STREQ(".001", BLI_path_extension("Text.001"));
}
+
+/* BLI_path_rel. */
+
+#define PATH_REL(abs_path, ref_path, rel_path) \
+ { \
+ char path[FILE_MAX]; \
+ BLI_strncpy(path, abs_path, sizeof(path)); \
+ BLI_path_rel(path, ref_path); \
+ EXPECT_STREQ(rel_path, path); \
+ } \
+ void(0)
+
+TEST(path_util, PathRelPath)
+{
+ PATH_REL("/foo/bar/blender.blend", "/foo/bar/", "//blender.blend");
+ PATH_REL("/foo/bar/blender.blend", "/foo/bar", "//bar/blender.blend");
+
+ /* Check for potential buffer overflows. */
+ {
+ char abs_path_in[FILE_MAX];
+ abs_path_in[0] = '/';
+ for (int i = 1; i < FILE_MAX - 1; i++) {
+ abs_path_in[i] = 'A';
+ }
+ abs_path_in[FILE_MAX - 1] = '\0';
+ char abs_path_out[FILE_MAX];
+ abs_path_out[0] = '/';
+ abs_path_out[1] = '/';
+ for (int i = 2; i < FILE_MAX - 1; i++) {
+ abs_path_out[i] = 'A';
+ }
+ abs_path_out[FILE_MAX - 1] = '\0';
+ PATH_REL(abs_path_in, "/", abs_path_out);
+
+ const char *ref_path_in = "/foo/bar/";
+ const size_t ref_path_in_len = strlen(ref_path_in);
+ strcpy(abs_path_in, ref_path_in);
+ for (int i = ref_path_in_len; i < FILE_MAX - 1; i++) {
+ abs_path_in[i] = 'A';
+ }
+ abs_path_in[FILE_MAX - 1] = '\0';
+ abs_path_out[0] = '/';
+ abs_path_out[1] = '/';
+ for (int i = 2; i < FILE_MAX - ((int)ref_path_in_len - 1); i++) {
+ abs_path_out[i] = 'A';
+ }
+ abs_path_out[FILE_MAX - (ref_path_in_len - 1)] = '\0';
+ PATH_REL(abs_path_in, ref_path_in, abs_path_out);
+ }
+}
More information about the Bf-blender-cvs
mailing list