Fix potential buffer overflow in strcpy use on macOS

The null byte wasn't taken into account when allocating memory
to strcpy into.

The calculation to check if allocation was needed was also wrong,
causing allocation for every string.

In practice it's not so likely users would ever hit this since
the function tended to over-allocate; even in the case an off-by-one
error occurred, in all likelihood the room would already be available.

Ref !114512
Campbell Barton
2023-11-06 20:54:04 +11:00
parent 54e35e7388
commit c7afbbc836


@@ -3480,8 +3480,8 @@ static uint32_t name_buffer_copystr(char **name_buffer_ptr,
BLI_assert(ret_len > 0);
/* If required name buffer size is larger, increase by at least 128 bytes. */
if (name_buffer_size + ret_len > name_buffer_size) {
name_buffer_size = name_buffer_size + max_ii(128, ret_len);
if (name_buffer_offset + ret_len + 1 > name_buffer_size) {
name_buffer_size = name_buffer_offset + max_ii(128, ret_len + 1);
*name_buffer_ptr = (char *)MEM_reallocN(*name_buffer_ptr, name_buffer_size);
}
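Review bot: The comment above the condition still says the buffer grows "by at least 128 bytes", which no longer matches the new size expression `name_buffer_offset + max_ii(128, ret_len + 1)`. Growth is now measured from the write offset rather than from the previous size, so the real increase can be far smaller: with a previous size of 200, an offset of 100 and ret_len of 100, the check fires (201 > 200) and the new size is 228, an increase of 28 bytes. Please reword the comment to say that at least 128 bytes are reserved past the offset, or base the growth on the old size if a 128-byte minimum step is what is intended. The terminator's `+ 1` is also written out separately in the condition and in the size calculation; computing the required length once in a local and using it in both places would keep the check and the allocation from drifting apart. When ret_len + 1 is 128 or more the buffer is sized exactly to fit, so the following call will reallocate again; if that matters for long names, add headroom on top of the required length.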