Fix stack corruptions in special cases
authorSergey Sharybin <sergey.vfx@gmail.com>
Thu, 23 May 2013 18:19:50 +0000 (18:19 +0000)
committerSergey Sharybin <sergey.vfx@gmail.com>
Thu, 23 May 2013 18:19:50 +0000 (18:19 +0000)
Issue was caused by wrong array length used
for result of name_uiprefix_id, which shall
actually be 1 byte bigger than MAX_ID_NAME.

Reported by Sebastian Koenig in IRC.

source/blender/editors/interface/interface_layout.c
source/blender/editors/interface/interface_templates.c

index 184477ab38f7e7159e1861af43855d906b18d42d..7522273f5625cf1ee996f6e49c0236a9999dab70 100644 (file)
@@ -1357,6 +1357,7 @@ static void rna_search_cb(const struct bContext *C, void *arg_but, const char *s
                        char name_ui[MAX_ID_NAME];
 
 #if 0       /* this name is used for a string comparison and can't be modified, TODO */
+                       /* if ever enabled, make name_ui be MAX_ID_NAME+1 */
                        name_uiprefix_id(name_ui, id);
 #else
                        BLI_strncpy(name_ui, id->name + 2, sizeof(name_ui));
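Review bot: The `name_ui` declaration at the top of this hunk stays `char name_ui[MAX_ID_NAME];`, so the overflow is only documented, not prevented, if the `#if 0` branch is ever switched on. Because the active `#else` branch copies with `sizeof(name_ui)`, the buffer can be widened now without changing behaviour: `char name_ui[MAX_ID_NAME + 1];`. That removes the dependence on a future editor noticing the comment. rna_search_cb starts and ends outside the hunk, so any other use of `name_ui` in it is not visible here.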
index b87c067a1abefb0f307e34642e57373589b8922a..f07b31eff17c2d967bc8bee0649654256970b880 100644 (file)
@@ -151,7 +151,10 @@ static void id_search_cb(const bContext *C, void *arg_template, const char *str,
                                        continue;
 
                        if (BLI_strcasestr(id->name + 2, str)) {
-                               char name_ui[MAX_ID_NAME];
+                               /* +1 is needed because name_uiprefix_id used 3 letter prefix
+                                * followed by ID_NAME-2 characters from id->name
+                                */
+                               char name_ui[MAX_ID_NAME + 1];
                                name_uiprefix_id(name_ui, id);
 
                                iconid = ui_id_icon_get((bContext *)C, id, template->preview);
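Review bot: The `+ 1` on `name_ui` is a per-call-site constant, and `name_uiprefix_id(name_ui, id)` still takes no destination size, so any other caller that passes a `MAX_ID_NAME` buffer would keep the same stack overwrite. Callers outside these two files are not visible in this diff and are worth auditing. Defining the required size once next to the declaration of name_uiprefix_id (placeholder name `NAME_UI_PREFIX_SIZE`, equal to `MAX_ID_NAME + 1`), or passing the buffer length into the function, would keep the two sizes from drifting apart. The new comment would also be clearer as `name_uiprefix_id uses a 3 letter prefix followed by MAX_ID_NAME - 2 characters from id->name`, since the declaration uses `MAX_ID_NAME`, not `ID_NAME`. id_search_cb continues outside the hunk.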