archive/blender-archive
Archived
1
1
Fork 0
Code Pull Requests Packages Activity

Fix stack corruptions in special cases

Browse Source 
Issue was caused by wrong array length used
for result of name_uiprefix_id, which shall
actually be 1 byte bugger than MAX_ID_NAME.

Reported by Sebastian Koenig in IRC.
This commit is contained in:
Sergey Sharybin
2013-05-23 18:19:50 +00:00
parent 0fcc6baa0b
commit d003a08302
2 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
source/blender/editors/interface/interface_layout.c
View File

@@ -1357,6 +1357,7 @@ static void rna_search_cb(const struct bContext *C, void *arg_but, const char *s
char name_ui[MAX_ID_NAME]; char name_ui[MAX_ID_NAME];
#if 0 /* this name is used for a string comparison and can't be modified, TODO */ #if 0 /* this name is used for a string comparison and can't be modified, TODO */
/* if ever enabled, make name_ui be MAX_ID_NAME+1 */
name_uiprefix_id(name_ui, id); name_uiprefix_id(name_ui, id);
#else #else
BLI_strncpy(name_ui, id->name + 2, sizeof(name_ui)); BLI_strncpy(name_ui, id->name + 2, sizeof(name_ui));

5
source/blender/editors/interface/interface_templates.c
View File

@@ -151,7 +151,10 @@ static void id_search_cb(const bContext *C, void *arg_template, const char *str,
continue; continue;
if (BLI_strcasestr(id->name + 2, str)) { if (BLI_strcasestr(id->name + 2, str)) {
char name_ui[MAX_ID_NAME]; /* +1 is needed because name_uiprefix_id used 3 letter prefix
* followed by ID_NAME-2 characters from id->name
*/
char name_ui[MAX_ID_NAME + 1];
name_uiprefix_id(name_ui, id); name_uiprefix_id(name_ui, id);
iconid = ui_id_icon_get((bContext *)C, id, template->preview); iconid = ui_id_icon_get((bContext *)C, id, template->preview);