From c7afbbc836d219c482fe8febb1f686ff91b270d2 Mon Sep 17 00:00:00 2001
From: Campbell Barton
Date: Mon, 6 Nov 2023 20:54:04 +1100
Subject: [PATCH] Fix potential buffer overflow in strcpy use on macOS

The null byte wasn't taken into account when allocating memory to strcpy into. The calculation to check if allocation was needed was also wrong, causing allocation for every string. In practice it's not so likely users would ever hit this since the function tended to over allocate, even in the case an off by one error occurred, in all likelihood the room would already be available.
Ref !114512
---
 source/blender/gpu/metal/mtl_shader_generator.mm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source/blender/gpu/metal/mtl_shader_generator.mm b/source/blender/gpu/metal/mtl_shader_generator.mm
index 8aae184d4b3..98033d9db04 100644
--- a/source/blender/gpu/metal/mtl_shader_generator.mm
+++ b/source/blender/gpu/metal/mtl_shader_generator.mm
@@ -3480,8 +3480,8 @@ static uint32_t name_buffer_copystr(char **name_buffer_ptr,
 BLI_assert(ret_len > 0);
 /* If required name buffer size is larger, increase by at least 128 bytes. */
- if (name_buffer_size + ret_len > name_buffer_size) {
- name_buffer_size = name_buffer_size + max_ii(128, ret_len);
+ if (name_buffer_offset + ret_len + 1 > name_buffer_size) {
+ name_buffer_size = name_buffer_offset + max_ii(128, ret_len + 1);
 *name_buffer_ptr = (char *)MEM_reallocN(*name_buffer_ptr, name_buffer_size);
 }
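Review bot: The comment on the `/* If required name buffer size is larger, increase by at least 128 bytes. */` context line still does not explain the `+ 1` on the two new lines, and that missing null byte is exactly what this commit fixes; I would reword it to `/* Grow when the string plus its null terminator would not fit at the current offset; grow by at least 128 bytes. */`. The `MEM_reallocN` result on the following context line is assigned straight back into `*name_buffer_ptr` with no check, so if that allocator can return NULL on failure (its contract is not visible here) the old buffer is leaked and the later copy writes through a null pointer; worth confirming whether it aborts or returns. `max_ii` is an int helper while the function returns `uint32_t`, so the declared types of `ret_len`, `name_buffer_offset` and `name_buffer_size` should be checked for signed/unsigned mixing in the new comparison. The body of name_buffer_copystr starts and ends outside the hunk.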