[Bf-committers] Blender 2.43 RC1

Giuseppe Ghibò ghibo at mandriva.com
Tue Jan 2 20:06:52 CET 2007


Peter Schlaile wrote:

> Hi,
> 
>> 1) I found that recently in source/blender/blenkernel/BKE_plugin_types.h
>> the size of the 'name' array was increased from 16 to 32. Indeed, when it
>> was 16 I was also getting a buffer overrun, as described here:
>>
>> 	http://qa.mandriva.com/show_bug.cgi?id=24583
>>
>> and I wrote a patch for 2.42a here:
>>
>> 	http://svn.mandriva.com/cgi-bin/viewvc.cgi/*checkout*/packages/cooker/blender/current/SOURCES/blender-2.42a-wavefront-obj-overrun.patch
>>
>> Indeed, apart from the increase in the size of the array from 16 to 32 bytes,
>> that code wasn't changed from 2.42a to current CVS, so the bug is still there (just shifted).
>> Would it be possible to include this patch:
>>
>> http://svn.mandriva.com/cgi-bin/viewvc.cgi/*checkout*/packages/cooker/blender/current/SOURCES/blender-2.43-wavefront-obj-overrun.patch
>>
>> into current Blender CVS, so as to perform a more robust
>> check on those arrays?
> 
> Fiddling with VarStruct is generally a bad idea (tm), since it breaks
> binary compatibility to existing plugins.
> 
> (take a look here:
> http://projects.blender.org/pipermail/bf-committers/2006-December/017063.html
> )
> 
> Does your patch also work with
> 
> #define VARSTRUCT_NAMEMAX 16
> 
> ?

Indeed the minimum I tried to get room for the passed strings was 19. AFAIK the
code should also work with 16 without overrun, as at most it truncates the string
to the max allowed value. The test case is to import the OBJ from the file attached
to the bug above. I'll also try to test with 16, if that would preserve the
ABI.

Bye.
Giuseppe.
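
Added illustration, not part of the original message and not Blender's code or the Mandriva patch: a bounded copy into a fixed 16-byte name field that truncates instead of overrunning, with compile-time checks that the field width and the offset of the next member stay unchanged for existing binary plugins. DemoVarStruct and demo_set_name are hypothetical names; only VARSTRUCT_NAMEMAX comes from the thread, and the sample string is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Macro name as quoted in the thread; 16 is the original field width. */
#define VARSTRUCT_NAMEMAX 16

/* Hypothetical stand-in for a struct shared with binary plugins.
 * This is NOT Blender's real VarStruct layout. */
typedef struct DemoVarStruct {
    int   type;
    char  name[VARSTRUCT_NAMEMAX];
    float def, min, max;
} DemoVarStruct;

/* ABI guards: the build fails if the field width or the offset of the
 * member that follows it ever changes. */
_Static_assert(sizeof(((DemoVarStruct *)0)->name) == 16, "name width changed");
_Static_assert(offsetof(DemoVarStruct, def) ==
               offsetof(DemoVarStruct, name) + 16, "layout changed");

/* Copy src into dst[dstsize], truncating if it does not fit.
 * dst is always NUL-terminated. Returns 1 if truncated, else 0. */
static int demo_set_name(char *dst, size_t dstsize, const char *src)
{
    size_t i;

    if (dst == NULL || dstsize == 0)
        return 1;               /* no room to store anything */
    if (src == NULL)
        src = "";
    for (i = 0; i + 1 < dstsize && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
    return src[i] != '\0';
}

int main(void)
{
    /* Constructed sample: 18 characters, so it needs 19 bytes with the NUL. */
    const char *sample = "ABCDEFGHIJKLMNOPQR";
    DemoVarStruct v = { 0, "", 1.5f, 0.0f, 1.0f };
    int cut = demo_set_name(v.name, sizeof v.name, sample);

    printf("truncated=%d name=\"%s\" def=%.1f\n", cut, v.name, v.def);
    return 0;
}
```

The return value lets the caller log or reject a truncated name rather than silently accepting it.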


