Commit: d3b0977a354d91c363d7128f3e0ef2c5eea977e7
Author: Kévin Dietrich
Date:   Sat Oct 29 16:22:33 2016 +0200
Branches: master
https://developer.blender.org/rBd3b0977a354d91c363d7128f3e0ef2c5eea977e7

Fix T49878: Alembic crash with long object name

Crash comes from writing to char array (ID::name) out its bound and thus
overriding memory in the ID struct.

===================================================================

M       source/blender/alembic/intern/abc_camera.cc

===================================================================

diff --git a/source/blender/alembic/intern/abc_camera.cc 
b/source/blender/alembic/intern/abc_camera.cc
index 5c34ec1..d5271e3 100644
--- a/source/blender/alembic/intern/abc_camera.cc
+++ b/source/blender/alembic/intern/abc_camera.cc
@@ -119,7 +119,7 @@ bool AbcCameraReader::valid() const
 
 void AbcCameraReader::readObjectData(Main *bmain, float time)
 {
-       Camera *bcam = static_cast<Camera *>(BKE_camera_add(bmain, 
"abc_camera"));
+       Camera *bcam = static_cast<Camera *>(BKE_camera_add(bmain, 
m_data_name.c_str()));
 
        ISampleSelector sample_sel(time);
        CameraSample cam_sample;
@@ -155,8 +155,6 @@ void AbcCameraReader::readObjectData(Main *bmain, float 
time)
        bcam->gpu_dof.focus_distance = cam_sample.getFocusDistance();
        bcam->gpu_dof.fstop = cam_sample.getFStop();
 
-       BLI_strncpy(bcam->id.name + 2, m_data_name.c_str(), m_data_name.size() 
+ 1);
-
        m_object = BKE_object_add_only_object(bmain, OB_CAMERA, 
m_object_name.c_str());
        m_object->data = bcam;
 }

_______________________________________________
Bf-blender-cvs mailing list
[email protected]
https://lists.blender.org/mailman/listinfo/bf-blender-cvs

Reply via email to