[Bf-blender-cvs] [41f2ea4045b] master: Fix incorrect BLI_snprintf usage

Campbell Barton noreply at git.blender.org
Thu May 27 10:00:39 CEST 2021


Commit: 41f2ea4045b183b7e2d0c5f61d7ab7958267122e
Author: Campbell Barton
Date:   Thu May 27 17:16:08 2021 +1000
Branches: master
https://developer.blender.org/rB41f2ea4045b183b7e2d0c5f61d7ab7958267122e

Fix incorrect BLI_snprintf usage

Even though in practice this wasn't causing problems, as the fixed size
buffers are generally large enough not to truncate text.

Using the result from `snprintf` or `BLI_snprintf` to step over a fixed
size buffer allows for buffer overruns, as the returned value is the length
the complete formatted string would have had, not the number of bytes
actually copied into the buffer.

Building strings using this convention with multiple calls:

    ofs += BLI_snprintf(str + ofs, str_len_max - ofs);

.. caused the size argument to become negative,
wrapping it to a large value when cast to the unsigned argument.

===================================================================

M	source/blender/blenkernel/intern/unit.c
M	source/blender/blenlib/intern/timecode.c
M	source/blender/draw/engines/overlay/overlay_motion_path.c
M	source/blender/editors/interface/interface_handlers.c
M	source/blender/editors/interface/interface_templates.c
M	source/blender/editors/space_clip/clip_buttons.c
M	source/blender/editors/space_image/image_buttons.c
M	source/blender/editors/space_info/info_stats.c
M	source/blender/editors/transform/transform_mode.c
M	source/blender/editors/transform/transform_mode_edge_seq_slide.c
M	source/blender/editors/transform/transform_mode_edge_slide.c
M	source/blender/editors/transform/transform_mode_shrink_fatten.c
M	source/blender/editors/transform/transform_mode_timetranslate.c
M	source/blender/editors/transform/transform_mode_trackball.c
M	source/blender/editors/transform/transform_mode_translate.c
M	source/blender/editors/transform/transform_mode_vert_slide.c
M	source/blender/imbuf/intern/jpeg.c
M	source/blender/python/mathutils/mathutils_Matrix.c

===================================================================

diff --git a/source/blender/blenkernel/intern/unit.c b/source/blender/blenkernel/intern/unit.c
index 9ae1c754846..3612a26315c 100644
--- a/source/blender/blenkernel/intern/unit.c
+++ b/source/blender/blenkernel/intern/unit.c
@@ -943,7 +943,7 @@ static int unit_scale_str(char *str,
 
     /* Add the addition sign, the bias, and the close parenthesis after the value. */
     int value_end_ofs = find_end_of_value_chars(str, len_max, prev_op_ofs + 2);
-    int len_bias_num = BLI_snprintf(str_tmp, TEMP_STR_SIZE, "+%.9g)", unit->bias);
+    int len_bias_num = BLI_snprintf_rlen(str_tmp, TEMP_STR_SIZE, "+%.9g)", unit->bias);
     if (value_end_ofs + len_bias_num < len_max) {
       memmove(str + value_end_ofs + len_bias_num, str + value_end_ofs, len - value_end_ofs + 1);
       memcpy(str + value_end_ofs, str_tmp, len_bias_num);
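Review bot: The bound on the `if` above only checks `value_end_ofs + len_bias_num < len_max`, but the memmove that follows shifts `len - value_end_ofs + 1` bytes to `str + value_end_ofs + len_bias_num`, so its last write lands at index `len + len_bias_num`; if `len` is the current string length and `len_max` the buffer capacity, an insertion into a nearly full buffer can still run past the end. Switching to `BLI_snprintf_rlen` fixes what `len_bias_num` counts, not this bound. Suggest `if (len + len_bias_num < len_max) {` so the check covers the bytes the memmove actually touches. unit_scale_str starts before the hunk and continues after it, so I cannot confirm how `len` relates to `len_max` from here.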
@@ -957,7 +957,8 @@ static int unit_scale_str(char *str,
   int len_move = (len - (found_ofs + len_name)) + 1; /* 1+ to copy the string terminator. */
 
   /* "#" Removed later */
-  int len_num = BLI_snprintf(str_tmp, TEMP_STR_SIZE, "*%.9g" SEP_STR, unit->scalar / scale_pref);
+  int len_num = BLI_snprintf_rlen(
+      str_tmp, TEMP_STR_SIZE, "*%.9g" SEP_STR, unit->scalar / scale_pref);
 
   if (len_num > len_max) {
     len_num = len_max;
diff --git a/source/blender/blenlib/intern/timecode.c b/source/blender/blenlib/intern/timecode.c
index 9586da941a4..7d7436411ac 100644
--- a/source/blender/blenlib/intern/timecode.c
+++ b/source/blender/blenlib/intern/timecode.c
@@ -216,10 +216,10 @@ size_t BLI_timecode_string_from_time_simple(char *str,
   const int hun = ((int)(fmod(time_seconds, 1.0) * 100));
 
   if (hr) {
-    rlen = BLI_snprintf(str, maxncpy, "%.2d:%.2d:%.2d.%.2d", hr, min, sec, hun);
+    rlen = BLI_snprintf_rlen(str, maxncpy, "%.2d:%.2d:%.2d.%.2d", hr, min, sec, hun);
   }
   else {
-    rlen = BLI_snprintf(str, maxncpy, "%.2d:%.2d.%.2d", min, sec, hun);
+    rlen = BLI_snprintf_rlen(str, maxncpy, "%.2d:%.2d.%.2d", min, sec, hun);
   }
 
   return rlen;
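Review bot: The meaning of this function's return value changes here: `rlen` is now the number of bytes written to `str` rather than the length the full timecode would have needed, so a caller that compared the old value against `maxncpy` to detect truncation can no longer do so, and the hunk shows no matching update to the function's doc comment (which is outside the hunk). Suggest stating the new contract on the declaration: `/* Returns the number of bytes written to `str`, excluding the terminator; truncation is not signalled. */`. BLI_timecode_string_from_time_simple starts before the hunk.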
diff --git a/source/blender/draw/engines/overlay/overlay_motion_path.c b/source/blender/draw/engines/overlay/overlay_motion_path.c
index 48b7b53a5ba..a92f11aca38 100644
--- a/source/blender/draw/engines/overlay/overlay_motion_path.c
+++ b/source/blender/draw/engines/overlay/overlay_motion_path.c
@@ -190,7 +190,7 @@ static void motion_path_cache(OVERLAY_Data *vedata,
       bool is_keyframe = (mpv->flag & MOTIONPATH_VERT_KEY) != 0;
 
       if ((show_keyframes && show_keyframes_no && is_keyframe) || (show_frame_no && (i == 0))) {
-        numstr_len = BLI_snprintf(numstr, sizeof(numstr), " %d", frame);
+        numstr_len = BLI_snprintf_rlen(numstr, sizeof(numstr), " %d", frame);
         DRW_text_cache_add(
             dt, mpv->co, numstr, numstr_len, 0, 0, txt_flag, (is_keyframe) ? col_kf : col);
       }
@@ -200,7 +200,7 @@ static void motion_path_cache(OVERLAY_Data *vedata,
         /* Only draw frame number if several consecutive highlighted points
          * don't occur on same point. */
         if ((equals_v3v3(mpv->co, mpvP->co) == 0) || (equals_v3v3(mpv->co, mpvN->co) == 0)) {
-          numstr_len = BLI_snprintf(numstr, sizeof(numstr), " %d", frame);
+          numstr_len = BLI_snprintf_rlen(numstr, sizeof(numstr), " %d", frame);
           DRW_text_cache_add(dt, mpv->co, numstr, numstr_len, 0, 0, txt_flag, col);
         }
       }
diff --git a/source/blender/editors/interface/interface_handlers.c b/source/blender/editors/interface/interface_handlers.c
index 282d470c7ea..22a2e0a55d1 100644
--- a/source/blender/editors/interface/interface_handlers.c
+++ b/source/blender/editors/interface/interface_handlers.c
@@ -2380,7 +2380,7 @@ static void float_array_to_string(float *values,
   current_index++;
 
   for (int i = 0; i < array_length; i++) {
-    int length = BLI_snprintf(
+    int length = BLI_snprintf_rlen(
         output + current_index, output_len_max - current_index, "%f", values[i]);
     current_index += length;
 
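Review bot: Once the output buffer is full, `length` comes back as 0 on every remaining iteration and the loop keeps running, silently dropping the rest of the array while `current_index` stays parked at the last usable byte; the function continues past the hunk, so whatever it appends afterwards operates on an already truncated string. Consider leaving the loop as soon as there is no room left, `if (current_index + 1 >= output_len_max) { break; }` right after `current_index += length;`, or at least asserting `current_index < output_len_max` so the size expression passed on the call can never wrap again. This presumes `BLI_snprintf_rlen` never returns a value greater than or equal to its size argument, which is the invariant the whole commit relies on.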
diff --git a/source/blender/editors/interface/interface_templates.c b/source/blender/editors/interface/interface_templates.c
index e3df9704826..dad3ccbe213 100644
--- a/source/blender/editors/interface/interface_templates.c
+++ b/source/blender/editors/interface/interface_templates.c
@@ -1078,7 +1078,7 @@ static void template_ID(const bContext *C,
       char numstr[32];
       short numstr_len;
 
-      numstr_len = BLI_snprintf(numstr, sizeof(numstr), "%d", ID_REAL_USERS(id));
+      numstr_len = BLI_snprintf_rlen(numstr, sizeof(numstr), "%d", ID_REAL_USERS(id));
 
       but = uiDefBut(
           block,
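Review bot: `numstr_len` is declared `short` two lines above the changed call while `BLI_snprintf_rlen` presumably returns `int`, so the assignment is an implicit narrowing conversion; it cannot overflow for a 32-byte buffer, but `int numstr_len;` matches the return type and avoids a -Wconversion warning for no cost. template_ID starts before the hunk and continues after it.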
diff --git a/source/blender/editors/space_clip/clip_buttons.c b/source/blender/editors/space_clip/clip_buttons.c
index d555238e949..7379891543b 100644
--- a/source/blender/editors/space_clip/clip_buttons.c
+++ b/source/blender/editors/space_clip/clip_buttons.c
@@ -809,12 +809,12 @@ void uiTemplateMovieclipInformation(uiLayout *layout,
 
   char str[1024];
   size_t ofs = 0;
-  ofs += BLI_snprintf(str + ofs, sizeof(str) - ofs, TIP_("%d x %d"), width, height);
+  ofs += BLI_snprintf_rlen(str + ofs, sizeof(str) - ofs, TIP_("%d x %d"), width, height);
 
   if (ibuf) {
     if (ibuf->rect_float) {
       if (ibuf->channels != 4) {
-        ofs += BLI_snprintf(
+        ofs += BLI_snprintf_rlen(
             str + ofs, sizeof(str) - ofs, TIP_(", %d float channel(s)"), ibuf->channels);
       }
       else if (ibuf->planes == R_IMF_PLANES_RGBA) {
@@ -837,7 +837,7 @@ void uiTemplateMovieclipInformation(uiLayout *layout,
       short frs_sec;
       float frs_sec_base;
       if (IMB_anim_get_fps(clip->anim, &frs_sec, &frs_sec_base, true)) {
-        ofs += BLI_snprintf(
+        ofs += BLI_snprintf_rlen(
             str + ofs, sizeof(str) - ofs, TIP_(", %.2f fps"), (float)frs_sec / frs_sec_base);
       }
     }
diff --git a/source/blender/editors/space_image/image_buttons.c b/source/blender/editors/space_image/image_buttons.c
index 6fb64de7e85..d909bfd1864 100644
--- a/source/blender/editors/space_image/image_buttons.c
+++ b/source/blender/editors/space_image/image_buttons.c
@@ -1218,11 +1218,12 @@ void uiTemplateImageInfo(uiLayout *layout, bContext *C, Image *ima, ImageUser *i
     const int len = MAX_IMAGE_INFO_LEN;
     int ofs = 0;
 
-    ofs += BLI_snprintf(str + ofs, len - ofs, TIP_("%d x %d, "), ibuf->x, ibuf->y);
+    ofs += BLI_snprintf_rlen(str + ofs, len - ofs, TIP_("%d x %d, "), ibuf->x, ibuf->y);
 
     if (ibuf->rect_float) {
       if (ibuf->channels != 4) {
-        ofs += BLI_snprintf(str + ofs, len - ofs, TIP_("%d float channel(s)"), ibuf->channels);
+        ofs += BLI_snprintf_rlen(
+            str + ofs, len - ofs, TIP_("%d float channel(s)"), ibuf->channels);
       }
       else if (ibuf->planes == R_IMF_PLANES_RGBA) {
         ofs += BLI_strncpy_rlen(str + ofs, TIP_(" RGBA float"), len - ofs);
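Review bot: `ofs` is an `int` while `len - ofs` is passed where the library takes a size argument, so the whole chain of appends still depends on the unstated invariant that every `*_rlen` call returns less than the size it was given; nothing in the hunk enforces it, and a regression in one of the helpers would send the subtraction back to a huge value. A `BLI_assert(ofs < len);` after each `ofs +=` (assuming BLI_assert is available in this file) would catch that immediately. uiTemplateImageInfo continues past the hunk, so the later appends that also feed `len - ofs` are not visible here.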
diff --git a/source/blender/editors/space_info/info_stats.c b/source/blender/editors/space_info/info_stats.c
index 0bdfceb36b6..cf847fa18a8 100644
--- a/source/blender/editors/space_info/info_stats.c
+++ b/source/blender/editors/space_info/info_stats.c
@@ -505,14 +505,14 @@ static void get_stats_string(
   LayerCollection *layer_collection = view_layer->active_collection;
 
   if (object_mode == OB_MODE_OBJECT) {
-    *ofs += BLI_snprintf(info + *ofs,
-                         len - *ofs,
-                         "%s | ",
-                         BKE_collection_ui_name_get(layer_collection->collection));
+    *ofs += BLI_snprintf_rlen(info + *ofs,
+                              len - *ofs,
+                              "%s | ",
+                              BKE_collection_ui_name_get(layer_collection->collection));
   }
 
   if (ob) {
-    *ofs += BLI_snprintf(info + *ofs, len - *ofs, "%s | ", ob->id.name + 2);
+    *ofs += BLI_snprintf_rlen(info + *ofs, len - *ofs, "%s | ", ob->id.name + 2);
   }
 
   if (obedit) {
@@ -521,72 +521,72 @@ static void get_stats_string(
     }
 
     if (obedit->type == OB_MESH) {
-      *ofs += BLI_snprintf(info + *ofs,
-                           len - *ofs,
-                           TIP_("Verts:%s/%s | Edges:%s/%s | Faces:%s/%s | Tris:%s"),
-                           stats_fmt->totvertsel,
-                           stats_fmt->totvert,
-                           stats_fmt->totedgesel,
-                           stats_fmt->totedge,
-                           stats_fmt->totfacesel,
-                           stats_fmt->totface,
-                           stats_fmt->tottri);
+      *ofs += BLI_snprintf_rlen(info + *ofs,
+                                len - *ofs,
+                                TIP_("Verts:%s/%s | Edges:%s/%s | Faces:%s/%s | Tris:%s"),
+                                stats_fmt->totvertsel,
+                                stats_fmt->totvert,
+                                stats_fmt->totedgesel,
+                                stats_fmt->totedge,
+                                stats_fmt->totfacesel,
+                                stats_fmt->totface,
+                                stats_fmt->tottri);
     }
     else if (obedit->type == OB_ARMATURE) {
-      *ofs += BLI_snprintf(info + *ofs,
-                           len - *ofs,
-                           TIP_("Joints:%s/%s | Bones:%s/%s"),
-                           stats_fmt->totvertsel,
-                           stats_fmt->totvert,
-                           stats_fmt->totbonesel,
-                           stats_fmt->totbone);
+      *ofs += BLI_snprintf_rlen(info + *ofs,
+                                len - *ofs,
+                                TIP_("Joints:%s/%s | Bones:%s/%s"),
+                                stats_fmt->totvertsel,
+                                stats_fmt->totvert,
+                                stats_fmt->totbonesel,
+                                stats_fmt->totbone);
     }
     else {
-      *ofs += BLI_snprintf(
+      *ofs += BLI_snprintf_rlen(
           info + *ofs, len - *ofs, TIP_("Verts:%s/%s"), stats_fmt->totvertsel, stats_fmt->totvert);
     }
   }
   else if (ob && (object_mode & OB_MODE_POSE)) {
-    *ofs += BLI_snprintf(
+    *ofs += BLI_snprintf_rlen(
         info + *ofs, len - *ofs, TIP_("Bones:%s/%s"), stats_fmt->totbonesel, stats_fmt->totbone);
 

@@ Diff output truncated at 10240 characters. @@


