From 97d29ab01122ba3e7e803b9bd6fd8b6e598a8c35 Mon Sep 17 00:00:00 2001 From: Hans Goudey Date: Wed, 7 Feb 2024 19:51:03 -0500 Subject: [PATCH] Fix #117632: IME input crash after refactor to use std::string The IME widget drawing code replaces the button's draw string, but it did this with a C-style const cast which let this go unnoticed in 089c389b5c00ec279429 which changed the string from a C array to a C++ std::string, where it's UB to just change the length this way. --- source/blender/editors/interface/interface_widgets.cc | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/source/blender/editors/interface/interface_widgets.cc b/source/blender/editors/interface/interface_widgets.cc index 986b47b3263..056a423c298 100644 --- a/source/blender/editors/interface/interface_widgets.cc +++ b/source/blender/editors/interface/interface_widgets.cc @@ -1900,13 +1900,17 @@ static void widget_draw_text(const uiFontStyle *fstyle, if (ime_data && ime_data->composite_len) { /* insert composite string into cursor pos */ - BLI_snprintf((char *)drawstr, - UI_MAX_DRAW_STR, + char tmp_drawstr[UI_MAX_DRAW_STR]; + STRNCPY(tmp_drawstr, drawstr); + BLI_snprintf(tmp_drawstr, + sizeof(tmp_drawstr), "%.*s%s%s", but->pos, but->editstr, ime_data->str_composite, but->editstr + but->pos); + but->drawstr = tmp_drawstr; + drawstr = but->drawstr.c_str(); } else #endif -- 2.30.2