Fix #27359: Pasting long text crashes blender

Actual problem was caused by insufficient buffer size
in ui_text_leftclip()

Also fixed possible invalid memory write in GHOST_SystemWin32::getClipboard
which was caused by accessing clipboard buffer after closing
clipboard. This mustn't happen.
Also fixed possible crush when buffer was failed to be locked.

intern/ghost/intern/GHOST_SystemWin32.cpp

@@ -1178,25 +1178,28 @@ GHOST_TUns8* GHOST_SystemWin32::getClipboard(bool selection) const
 	char *temp_buff;
 	
 	if ( IsClipboardFormatAvailable(CF_TEXT) && OpenClipboard(NULL) ) {
+		size_t len = 0;
 		HANDLE hData = GetClipboardData( CF_TEXT );
 		if (hData == NULL) {
 			CloseClipboard();
 			return NULL;
 		}
 		buffer = (char*)GlobalLock( hData );
+		if (!buffer) {
+			return NULL;
+		}
 		
-		temp_buff = (char*) malloc(strlen(buffer)+1);
-		strcpy(temp_buff, buffer);
+		len = strlen(buffer);
+		temp_buff = (char*) malloc(len+1);
+		strncpy(temp_buff, buffer, len);
+		temp_buff[len] = '\0';
 		
+		/* Buffer mustn't be accessed after CloseClipboard
+		   it would like accessing free-d memory */
 		GlobalUnlock( hData );
 		CloseClipboard();
 		
-		temp_buff[strlen(buffer)] = '\0';
-		if (buffer) {
-			return (GHOST_TUns8*)temp_buff;
-		} else {
-			return NULL;
-		}
+		return (GHOST_TUns8*)temp_buff;
 	} else {
 		return NULL;
 	}

source/blender/editors/interface/interface_widgets.c

@@ -888,7 +888,7 @@ static void ui_text_leftclip(uiFontStyle *fstyle, uiBut *but, rcti *rect)
 		/* textbut exception, clip right when... */
 		if(but->editstr && but->pos >= 0) {
 			float width;
-			char buf[256];
+			char buf[UI_MAX_DRAW_STR];
 			
 			/* copy draw string */
 			BLI_strncpy(buf, but->drawstr, sizeof(buf));