Fix stack corruptions in special cases

Issue was caused by wrong array length used for result of name_uiprefix_id, which shall actually be 1 byte bugger than MAX_ID_NAME. Reported by Sebastian Koenig in IRC.
2013-05-23 18:19:50 +00:00
parent 0fcc6baa0b
commit d003a08302
2 changed files with 5 additions and 1 deletions
--- a/source/blender/editors/interface/interface_layout.c
+++ b/source/blender/editors/interface/interface_layout.c
@@ -1357,6 +1357,7 @@ static void rna_search_cb(const struct bContext *C, void *arg_but, const char *s
 			char name_ui[MAX_ID_NAME];

 #if 0       /* this name is used for a string comparison and can't be modified, TODO */
+			/* if ever enabled, make name_ui be MAX_ID_NAME+1 */
 			name_uiprefix_id(name_ui, id);
 #else
 			BLI_strncpy(name_ui, id->name + 2, sizeof(name_ui));
--- a/source/blender/editors/interface/interface_templates.c
+++ b/source/blender/editors/interface/interface_templates.c
@@ -151,7 +151,10 @@ static void id_search_cb(const bContext *C, void *arg_template, const char *str,
 					continue;

 			if (BLI_strcasestr(id->name + 2, str)) {
-				char name_ui[MAX_ID_NAME];
+				/* +1 is needed because name_uiprefix_id used 3 letter prefix
+				 * followed by ID_NAME-2 characters from id->name
+				 */
+				char name_ui[MAX_ID_NAME + 1];
 				name_uiprefix_id(name_ui, id);

 				iconid = ui_id_icon_get((bContext *)C, id, template->preview);