Fix potential buffer overflows from invalid string size arguments

- FILENAME_MAX was used when the output was later limited by FILE_MAX.
- Some were passing in incorrect/dummy sizes in a couple of places.

source/blender/blenkernel/intern/bpath.c

@@ -531,7 +531,7 @@ static bool absolute_convert_foreach_path_cb(BPathForeachPathData *bpath_data,
     return false; /* Already absolute. */
   }
 
-  BLI_strncpy(path_dst, path_src, FILENAME_MAX);
+  BLI_strncpy(path_dst, path_src, FILE_MAX);
   BLI_path_abs(path_dst, data->basedir);
   if (BLI_path_is_rel(path_dst) == false) {
     data->count_changed++;

source/blender/blenlib/tests/BLI_string_test.cc

@@ -1047,10 +1047,12 @@ class StringEscape : public testing::Test {
   void testEscapeWords(const CompareWordsArray &items)
   {
     size_t dst_test_len;
-    char dst_test[64];
+    char dst_test[64]; /* Must be big enough for all input. */
     for (const auto &item : items) {
+      /* Validate the static size is big enough (test the test it's self). */
+      EXPECT_LT((strlen(item[0]) * 2) + 1, sizeof(dst_test));
       /* Escape the string. */
-      dst_test_len = BLI_str_escape(dst_test, item[0], SIZE_MAX);
+      dst_test_len = BLI_str_escape(dst_test, item[0], sizeof(dst_test));
       EXPECT_STREQ(dst_test, item[1]);
       EXPECT_EQ(dst_test_len, strlen(dst_test));
       /* Escape back. */

source/blender/blenloader/intern/versioning_280.c

@@ -428,10 +428,9 @@ static void do_version_layers_to_collections(Main *bmain, Scene *scene)
       if (base->lay & (1 << layer)) {
         /* Create collections when needed only. */
         if (collections[layer] == NULL) {
-          char name[MAX_NAME];
+          char name[MAX_ID_NAME - 2];
 
-          BLI_snprintf(
-              name, sizeof(collection_master->id.name), DATA_("Collection %d"), layer + 1);
+          BLI_snprintf(name, sizeof(name), DATA_("Collection %d"), layer + 1);
 
           Collection *collection = BKE_collection_add(bmain, collection_master, name);
           collection->id.lib = scene->id.lib;

source/blender/io/wavefront_obj/exporter/obj_export_file_writer.cc

@@ -519,7 +519,10 @@ static std::string float3_to_string(const float3 &numbers)
 MTLWriter::MTLWriter(const char *obj_filepath) noexcept(false)
 {
   mtl_filepath_ = obj_filepath;
-  const bool ok = BLI_path_extension_replace(mtl_filepath_.data(), FILE_MAX, ".mtl");
+  /* It only makes sense to replace this extension if it's at least as long as the existing one. */
+  BLI_assert(strlen(BLI_path_extension(obj_filepath)) == 4);
+  const bool ok = BLI_path_extension_replace(
+      mtl_filepath_.data(), mtl_filepath_.size() + 1, ".mtl");
   if (!ok) {
     throw std::system_error(ENAMETOOLONG, std::system_category(), "");
   }

source/blender/io/wavefront_obj/tests/obj_exporter_tests.cc

@@ -279,7 +279,8 @@ class obj_exporter_regression_test : public obj_exporter_test {
     strncpy(params.filepath, out_file_path.c_str(), FILE_MAX - 1);
     params.blen_filepath = bfile->main->filepath;
     std::string golden_file_path = blender::tests::flags_test_asset_dir() + SEP_STR + golden_obj;
-    BLI_split_dir_part(golden_file_path.c_str(), params.file_base_for_tests, PATH_MAX);
+    BLI_split_dir_part(
+        golden_file_path.c_str(), params.file_base_for_tests, sizeof(params.file_base_for_tests));
     export_frame(depsgraph, params, out_file_path.c_str());
     std::string output_str = read_temp_file_in_string(out_file_path);