fix for out-of-bounds checks for fcurve modifier and poselib, also check for NULL...
authorCampbell Barton <ideasman42@gmail.com>
Fri, 14 Sep 2012 06:15:46 +0000 (06:15 +0000)
committerCampbell Barton <ideasman42@gmail.com>
Fri, 14 Sep 2012 06:15:46 +0000 (06:15 +0000)
source/blender/avi/intern/avi.c
source/blender/blenkernel/intern/fmodifier.c
source/blender/editors/armature/poselib.c

index 39424057faf6920e8bf9eb36402a9596ce6db73b..cda2cf303ebf1531f0ed9aaaa178ad10e761aca8 100644 (file)
@@ -734,9 +734,10 @@ AviError AVI_close(AviMovie *movie)
 
        fclose(movie->fp);
 
-       for (i = 0; i < movie->header->Streams; i++) {
-               if (movie->streams[i].sf != NULL)
+       for (i = 0; movie->header && (i < movie->header->Streams); i++) {
+               if (movie->streams && (movie->streams[i].sf != NULL)) {
                        MEM_freeN(movie->streams[i].sf);
+               }
        }
 
        if (movie->header != NULL)
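Review bot: `fclose(movie->fp)` just above the loop is still called unconditionally, although the new `movie->header &&` and `movie->streams &&` tests imply that this function can run on a partially initialised movie. If `fp` can be NULL in that state, `fclose(NULL)` is undefined behaviour, so it should get the same guard, e.g. `if (movie->fp) fclose(movie->fp);`. The same applies to the `fclose` in the AVI_close_compress hunk below. Both function bodies begin and end outside their hunks, so an earlier check on `fp` may already exist.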
@@ -1081,9 +1082,10 @@ AviError AVI_close_compress(AviMovie *movie)
 
        fclose(movie->fp);
 
-       for (i = 0; i < movie->header->Streams; i++) {
-               if (movie->streams[i].sf != NULL)
+       for (i = 0; movie->header && (i < movie->header->Streams); i++) {
+               if (movie->streams && (movie->streams[i].sf != NULL)) {
                        MEM_freeN(movie->streams[i].sf);
+               }
        }
        if (movie->header != NULL)
                MEM_freeN(movie->header);
index 438188b1e2ab1cf679c7e2c1cd17b9f371a29a98..538d2469a934136027dea592d7b6b3141dcd3a9c 100644 (file)
@@ -965,8 +965,8 @@ FModifierTypeInfo *get_fmodifier_typeinfo(int type)
        }
        
        /* only return for valid types */
-       if ( (type >= FMODIFIER_TYPE_NULL) && 
-            (type <= FMODIFIER_NUM_TYPES) )
+       if ((type >= FMODIFIER_TYPE_NULL) &&
+           (type <  FMODIFIER_NUM_TYPES))
        {
                /* there shouldn't be any segfaults here... */
                return fmodifiersTypeInfo[type];
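Review bot: The comment `/* only return for valid types */` does not say why the upper bound is exclusive, which is the detail this commit corrects. Assuming `fmodifiersTypeInfo` has `FMODIFIER_NUM_TYPES` entries (its declaration is not in the hunk), I would add `/* FMODIFIER_NUM_TYPES is the entry count, so it is not itself a valid index */` above the test. `type` presumably can originate from loaded file data, and this comparison is the only check visible before the `fmodifiersTypeInfo[type]` read. The function's start and its fall-through return are outside the hunk.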
index 23c987c3536bbfd221359e0c5f657bdb9c489c67..eea7424c59a271d788f76f68ebdecbcd28b2edfb 100644 (file)
@@ -1006,7 +1006,7 @@ static void poselib_preview_apply(bContext *C, wmOperator *op)
                        /* get search-string */
                        index = pld->search_cursor;
                        
-                       if (index >= 0 && index <= sizeof(tempstr) - 1) {
+                       if (index >= 0 && index < sizeof(tempstr) - 1) {
                                memcpy(&tempstr[0], &pld->searchstr[0], index);
                                tempstr[index] = '|';
                                memcpy(&tempstr[index + 1], &pld->searchstr[index], (sizeof(tempstr) - 1) - index);
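Review bot: With the new bound the second `memcpy` still writes through `tempstr[sizeof(tempstr) - 1]`, so whether `tempstr` ends up NUL-terminated depends on the byte it copies from `pld->searchstr`. It also reads `pld->searchstr` up to offset `sizeof(tempstr) - 2`, which is only in bounds if `searchstr` is at least `sizeof(tempstr) - 1` bytes long. Neither buffer's declaration is in the hunk, so I would document the size relationship in a comment and make the terminator explicit with `tempstr[sizeof(tempstr) - 1] = '\0';` after the copy. The `else` branch taken when `index` is out of range is outside the hunk.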