Fix #129691: heap buffer overflow when writing unaligned data to .blend file

`writedata` used to align the written buffer size to a multiple of 4. This
causes multiple issues:
* Writes uninitialized data.
* Crash with ASAN due to a heap buffer overflow if the buffer is not any longer
  than what is passed in.
* Modifies the length of the buffer which can't be undone when reading the
  buffer again.

I don't know of any reason for this alignment here. I'd think that it doesn't
matter when writing to a file. If it would matter, then we should probably align
to at least 8 nowadays because that's the alignment of pointers. The original
reason for this alignment seems to be lost to history. It was already part of
the initial commit.

Pull Request: https://projects.blender.org/blender/blender/pulls/129821
Jacques Lucke
2024-11-05 15:51:37 +01:00
parent 4033a95191
commit 9d87291c40

@@ -771,9 +771,6 @@ static void writedata(WriteData *wd, int filecode, size_t len, const void *adr)
return;
}
/* Align to 4 (writes uninitialized bytes in some cases). */
len = (len + 3) & ~size_t(3);
if (len > INT_MAX) {
BLI_assert_msg(0, "Cannot write chunks bigger than INT_MAX.");
return;
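
Review bot: The `if (len > INT_MAX)` branch kept as context here only calls `BLI_assert_msg(0, ...)` and then returns from a `void` function, so in builds where asserts are compiled out an oversized chunk is dropped with no error reaching the caller; since this change already touches the length handling, consider reporting that failure explicitly. On the removal itself, `len = (len + 3) & ~size_t(3);` let the write read up to 3 bytes past the end of `adr`, which matches the ASAN report described in the commit message. A one-line comment at this spot saying that chunks are written with their exact length, together with a regression test that writes a buffer whose size is not a multiple of 4, would help keep the padding from being reintroduced. Has the read side been checked for code that assumes chunk lengths are multiples of 4?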