Blender Git Commit Log

Fix heap buffer overflow appending/linking from a blend file

Add new function `blo_bhead_is_id_valid_type()` to correctly check the
blend file block type.

File block type codes have four bytes, and two of those are only in use
when these blocks contain ID datablocks (like `"OB "`). However,
there are other types defined in `BLO_blend_defs.h` that have four
bytes, like `TEST`, `ENDB`, etc.

The function `BKE_idtype_idcode_is_valid(short idcode)` was used to
check for ID datablocks while reading a blend file. This only takes a
2-byte parameter, and thus its result is invalid for the 4-byte codes.
For `TEST` blocks, it would actually consider it a `TE` block, which is
a valid identifier for a Texture. This caused the heap buffer overflow,
as the datablock is not a valid ID, and thus the bytes that were
expected to form an ID name actually encode something completely
different.

Reviewed By: mont29

Differential Revision: https://developer.blender.org/D10703