Blender Git Loki
Git Commits -> Revision ad94a23
March 13, 2021, 00:59 (GMT) |
Fix heap buffer overflow appending/linking from a blend file Add new function `blo_bhead_is_id_valid_type()` to correctly check the blend file block type. File block type codes have four bytes, and two of those are only in use when these blocks contain ID datablocks (like `"OB "`). However, there are other types defined in `BLO_blend_defs.h` that have four bytes, like `TEST`, `ENDB`, etc. The function `BKE_idtype_idcode_is_valid(short idcode)` was used to check for ID datablocks while reading a blend file. This only takes a 2-byte parameter, and thus its result is invalid for the 4-byte codes. For `TEST` blocks, it would actually consider it a `TE` block, which is a valid identifier for a Texture. This caused the heap buffer overflow, as the datablock is not a valid ID, and thus the bytes that were expected to form an ID name actually encode something completely different. Reviewed By: mont29 Differential Revision: https://developer.blender.org/D10703 |
Commit Details:
Full Hash: ad94a235e07167347e351264e6aeb6d3eda35c70
Parent Commit: 2bc4447
Committed By: YimingWu
Lines Changed: +26, -7
1 Modified Path:
/source/blender/blenloader/intern/readfile.c (+26, -7) (Diff)