Commit: cf7a5e93f8d89d8b5382b07834dd0e9fc694254b
Author: Campbell Barton
Date:   Thu Jun 4 16:48:56 2015 +1000
Branches: master
https://developer.blender.org/rBcf7a5e93f8d89d8b5382b07834dd0e9fc694254b

Fix buffer overrun searching program path on win32

===================================================================

M       source/blender/blenlib/intern/path_util.c

===================================================================

diff --git a/source/blender/blenlib/intern/path_util.c 
b/source/blender/blenlib/intern/path_util.c
index e85f72f..9cf360a 100644
--- a/source/blender/blenlib/intern/path_util.c
+++ b/source/blender/blenlib/intern/path_util.c
@@ -57,6 +57,7 @@
 #  include <shlobj.h>
 #  include "BLI_winstuff.h"
 #  include "MEM_guardedalloc.h"
+#  include "BLI_alloca.h"
 #else
 #  include "unistd.h"
 #endif /* WIN32 */
@@ -1033,27 +1034,34 @@ bool BLI_path_program_extensions_add_win32(char *name, 
const size_t maxlen)
 
        type = BLI_exists(name);
        if ((type == 0) || S_ISDIR(type)) {
-               char filename[FILE_MAX];
+               /* typically 3-5, ".EXE", ".BAT"... etc */
+               const int ext_max = 12;
                const char *ext = getenv("PATHEXT");
                if (ext) {
                        const int name_len = strlen(name);
+                       char *filename = alloca(name_len + ext_max);
+                       char *filename_ext;
                        const char *ext_next;
+
                        /* null terminated in the loop */
                        memcpy(filename, name, name_len);
+                       filename_ext = filename + name_len;
+
                        do {
                                int ext_len;
-
                                ext_next = strchr(ext, ';');
                                ext_len = ext_next ? ((ext_next++) - ext) : 
strlen(ext);
 
-                               memcpy(filename + name_len, ext, ext_len);
-                               filename[name_len + ext_len] = '\0';
+                               if (LIKELY(ext_len < ext_max)) {
+                                       memcpy(filename_ext, ext, ext_len);
+                                       filename_ext[ext_len] = '\0';
 
-                               type = BLI_exists(filename);
-                               if (type && (!S_ISDIR(type))) {
-                                       retval = true;
-                                       BLI_strncpy(name, filename, maxlen);
-                                       break;
+                                        type = BLI_exists(filename);
+                                        if (type && (!S_ISDIR(type))) {
+                                               retval = true;
+                                               BLI_strncpy(name, filename, 
maxlen);
+                                               break;
+                                       }
                                }
                        } while ((ext = ext_next));
                }
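Review bot: The existence check runs on `filename`, but the match is copied back with `BLI_strncpy(name, filename, maxlen)`, so when `name_len + ext_len >= maxlen` the caller appears to receive a truncated path that was never tested, while `retval` is still true. Consider extending the guard to `if (LIKELY(ext_len < ext_max) && ((size_t)name_len + ext_len < maxlen)) {` so that candidates which cannot fit in the caller's buffer are skipped. The `alloca(name_len + ext_max)` size follows `strlen(name)`, which is presumably bounded by `maxlen`. A short comment stating that assumption, and that `PATHEXT` entries of `ext_max` characters or more are deliberately skipped, would document the bound this fix relies on. The function body begins and ends outside this hunk.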
