forked from bartvdbraak/blender
Fix T47252: FileBrowser: buffer overflow with scripts defining too long 'filter_glob' string.
Fixed this with three changes: * filter_glob is now 255 char max (63 could be a bit limited in some rare cases). * IO templates now explicitely define max len of that property (such that scripters are aware of the limit). * ED_fileselect_set_params() is now safe regarding too long strings from a 'filter_glob' op property.
This commit is contained in:
parent
4e2eea63a4
commit
66aa4af836
@ -28,6 +28,7 @@ class ExportSomeData(Operator, ExportHelper):
|
|||||||
filter_glob = StringProperty(
|
filter_glob = StringProperty(
|
||||||
default="*.txt",
|
default="*.txt",
|
||||||
options={'HIDDEN'},
|
options={'HIDDEN'},
|
||||||
|
maxlen=255, # Max internal buffer length, longer would be clamped.
|
||||||
)
|
)
|
||||||
|
|
||||||
# List of operator properties, the attributes will be assigned
|
# List of operator properties, the attributes will be assigned
|
||||||
|
@ -31,6 +31,7 @@ class ImportSomeData(Operator, ImportHelper):
|
|||||||
filter_glob = StringProperty(
|
filter_glob = StringProperty(
|
||||||
default="*.txt",
|
default="*.txt",
|
||||||
options={'HIDDEN'},
|
options={'HIDDEN'},
|
||||||
|
maxlen=255, # Max internal buffer length, longer would be clamped.
|
||||||
)
|
)
|
||||||
|
|
||||||
# List of operator properties, the attributes will be assigned
|
# List of operator properties, the attributes will be assigned
|
||||||
|
@ -270,7 +270,7 @@ typedef struct FileListEntryPreview {
|
|||||||
typedef struct FileListFilter {
|
typedef struct FileListFilter {
|
||||||
unsigned int filter;
|
unsigned int filter;
|
||||||
unsigned int filter_id;
|
unsigned int filter_id;
|
||||||
char filter_glob[64];
|
char filter_glob[256];
|
||||||
char filter_search[66]; /* + 2 for heading/trailing implicit '*' wildcards. */
|
char filter_search[66]; /* + 2 for heading/trailing implicit '*' wildcards. */
|
||||||
short flags;
|
short flags;
|
||||||
} FileListFilter;
|
} FileListFilter;
|
||||||
|
@ -186,7 +186,13 @@ short ED_fileselect_set_params(SpaceFile *sfile)
|
|||||||
if ((prop = RNA_struct_find_property(op->ptr, "filter_collada")))
|
if ((prop = RNA_struct_find_property(op->ptr, "filter_collada")))
|
||||||
params->filter |= RNA_property_boolean_get(op->ptr, prop) ? FILE_TYPE_COLLADA : 0;
|
params->filter |= RNA_property_boolean_get(op->ptr, prop) ? FILE_TYPE_COLLADA : 0;
|
||||||
if ((prop = RNA_struct_find_property(op->ptr, "filter_glob"))) {
|
if ((prop = RNA_struct_find_property(op->ptr, "filter_glob"))) {
|
||||||
RNA_property_string_get(op->ptr, prop, params->filter_glob);
|
/* Protection against pyscripts not setting proper size limit... */
|
||||||
|
char *tmp = RNA_property_string_get_alloc(
|
||||||
|
op->ptr, prop, params->filter_glob, sizeof(params->filter_glob), NULL);
|
||||||
|
if (tmp != params->filter_glob) {
|
||||||
|
BLI_strncpy(params->filter_glob, tmp, sizeof(params->filter_glob));
|
||||||
|
MEM_freeN(tmp);
|
||||||
|
}
|
||||||
params->filter |= (FILE_TYPE_OPERATOR | FILE_TYPE_FOLDER);
|
params->filter |= (FILE_TYPE_OPERATOR | FILE_TYPE_FOLDER);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
@ -591,7 +591,7 @@ typedef struct FileSelectParams {
|
|||||||
char renamefile[256];
|
char renamefile[256];
|
||||||
char renameedit[256]; /* annoying but the first is only used for initialization */
|
char renameedit[256]; /* annoying but the first is only used for initialization */
|
||||||
|
|
||||||
char filter_glob[64]; /* list of filetypes to filter */
|
char filter_glob[256]; /* list of filetypes to filter */
|
||||||
|
|
||||||
char filter_search[64]; /* text items' name must match to be shown. */
|
char filter_search[64]; /* text items' name must match to be shown. */
|
||||||
int filter_id; /* same as filter, but for ID types (aka library groups). */
|
int filter_id; /* same as filter, but for ID types (aka library groups). */
|
||||||
|
Loading…
Reference in New Issue
Block a user