Blender Git Commit Log

Revision bcac171 by Sybren A. Stüvel (master)
March 12, 2021, 14:58 (GMT)
Fix heap buffer overflow appending/linking from a blend file

Add new function `blo_bhead_is_id_valid_type()` to correctly check the
blend file block type.

File block type codes have four bytes, and two of those are only in use
when these blocks contain ID datablocks (like `"OB "`). However,
there are other types defined in `BLO_blend_defs.h` that have four
bytes, like `TEST`, `ENDB`, etc.

The function `BKE_idtype_idcode_is_valid(short idcode)` was used to
check for ID datablocks while reading a blend file. This only takes a
2-byte parameter, and thus its result is invalid for the 4-byte codes.
For `TEST` blocks, it would actually consider it a `TE` block, which is
a valid identifier for a Texture. This caused the heap buffer overflow,
as the datablock is not a valid ID, and thus the bytes that were
expected to form an ID name actually encode something completely
different.

Reviewed By: mont29

Differential Revision: https://developer.blender.org/D10703

Commit Details:

Full Hash: bcac17196a90967b78013aefd89bf547cf8e694c
Parent Commit: f0c3ec3
Lines Changed: +26, -7

1 Modified Path:

/source/blender/blenloader/intern/readfile.c (+26, -7)
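
The truncation described in the commit message, as an added example that is not Blender's code or part of this commit: a 4-byte block code passed through a 2-byte validity check is compared with a check over the full width. All macro and function names below are hypothetical stand-ins, and the packing (first character in the lowest byte) is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins: first character packed into the lowest byte. */
#define CODE4(a, b, c, d) \
  ((uint32_t)(a) | (uint32_t)(b) << 8 | (uint32_t)(c) << 16 | (uint32_t)(d) << 24)
#define CODE2(a, b) ((short)((a) | (b) << 8))

#define BLOCK_TEST CODE4('T', 'E', 'S', 'T') /* 4-byte, not an ID datablock */
#define BLOCK_ENDB CODE4('E', 'N', 'D', 'B') /* 4-byte, not an ID datablock */
#define ID_TEXTURE CODE2('T', 'E')           /* 2-byte ID code */
#define ID_OBJECT CODE2('O', 'B')            /* 2-byte ID code */

/* Hypothetical 2-byte validity check over a tiny table of known ID codes. */
static int idcode_is_valid(short idcode)
{
  static const short known[] = {ID_TEXTURE, ID_OBJECT};
  for (size_t i = 0; i < sizeof(known) / sizeof(known[0]); i++) {
    if (idcode == known[i]) {
      return 1;
    }
  }
  return 0;
}

/* Flawed: the upper two bytes are dropped before the lookup. */
static int truncating_check(uint32_t block_code)
{
  return idcode_is_valid((short)(block_code & 0xFFFFu));
}

/* Full-width: only codes whose upper two bytes are zero can be ID codes. */
static int full_width_check(uint32_t block_code)
{
  return (block_code >> 16) == 0 && idcode_is_valid((short)block_code);
}

int main(void)
{
  printf("TEST block: truncating=%d full-width=%d\n",
         truncating_check(BLOCK_TEST), full_width_check(BLOCK_TEST));
  printf("TE id code: truncating=%d full-width=%d\n",
         truncating_check((uint32_t)ID_TEXTURE), full_width_check((uint32_t)ID_TEXTURE));
  return 0;
}
```

A reader that parses an ID name out of a block should gate that parse on the full-width check, since a block accepted by the truncating check carries unrelated bytes where the name is expected.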