Maniphest T70000

very long operator name crashes upon addon activation
Closed, Resolved

Assigned To
Jacques Lucke (JacquesLucke)
Authored By
Jakub Uhlik (carbon14)
Sep 18 2019, 1:28 AM
Tags
  • BF Blender
Subscribers
Brendon Murphy (meta-androcto)
Campbell Barton (campbellbarton)
Jacques Lucke (JacquesLucke)
Jakub Uhlik (carbon14)
Jesse Yurkovich (deadpin)

Description

System Information
Operating system: Darwin-16.7.0-x86_64-i386-64bit 64 Bits
Graphics card:

Blender Version
Broken: version: 2.80 (sub 75), branch: master, commit date: 2019-07-29 14:47, hash: rBf6cb5f54494e
Worked: (optional)

Short description of error
very long operator name crashes upon addon activation

Exact steps for others to reproduce the error
install example addon, try to enable in preferences

Related Objects

Mentioned In
T101803: Max length Operator bl_idname is truncated 1 character
Mentioned Here
rB4e9aadac5e77: Fix T70033: Crash editing keymap operator

Event Timeline

Jakub Uhlik (carbon14) created this task.Sep 18 2019, 1:28 AM
Brendon Murphy (meta-androcto) added subscribers: Campbell Barton (campbellbarton), Brendon Murphy (meta-androcto).Sep 18 2019, 10:39 AM

@Campbell Barton (campbellbarton) this seems a little like a forced error, users should not do this nor expect it to work. It deliberately defies pep8 just to prove a point.
Unfortunately it's a real thing I guess, so users should be prevented from taking this action?

Jacques Lucke (JacquesLucke) changed the task status from Unknown Status to Resolved.Sep 18 2019, 11:27 AM
Jacques Lucke (JacquesLucke) claimed this task.
Jacques Lucke (JacquesLucke) added a subscriber: Jacques Lucke (JacquesLucke).

I get the following error message:

Traceback (most recent call last):
  File "/Text", line 31, in <module>
  File "/Text", line 22, in register
RuntimeError: Error: Registering operator class: 'EXAMPLE_OT_some_quite_a_long_name_for_an_operator_to_handle_and_a_bit_more_characters_to_make_sure_it_crashes', invalid bl_idname 'example_ops.some_quite_a_long_name_for_an_operator_to_handle_an', is too long, maximum length is 61

This is a perfectly valid limitation imo (could be improved in the future, but I don't see a big benefit).
This is not a bug in Blender but in the addon.

Jesse Yurkovich (deadpin) added a subscriber: Jesse Yurkovich (deadpin).Sep 18 2019, 11:38 AM

I get a crash here. How did you try the addon? I did a real Install from preferences and then attempted to enable it, leading to the following.

The stack based idname_bl array has been overrun:

Run-Time Check Failure #2 - Stack around the variable 'idname_bl' was corrupted.

blender.exe!WM_operatortype_find(const unsigned char * idname, bool quiet) Line 90	C
blender.exe!rna_Operator_register(Main * bmain, ReportList * reports, void * data, const unsigned char * identifier, int(*)(PointerRNA *, void *, int *) validate, int(*)(bContext *, PointerRNA *, FunctionRNA *, ParameterList *) call, void(*)(void *) free) Line 1506	C
blender.exe!pyrna_register_class(_object * UNUSED_self, _object * py_class) Line 8630	C
[External Code]	
blender.exe!bpy_class_call(bContext * C, PointerRNA * ptr, FunctionRNA * func, ParameterList * parms) Line 8313	C
blender.exe!rna_operator_execute_cb(bContext * C, wmOperator * op) Line 1299	C
blender.exe!wm_operator_invoke(bContext * C, wmOperatorType * ot, wmEvent * event, PointerRNA * properties, ReportList * reports, const bool poll_only, bool use_last_properties) Line 1451	C
blender.exe!wm_operator_call_internal(bContext * C, wmOperatorType * ot, PointerRNA * properties, ReportList * reports, const short context, const bool poll_only, wmEvent * event) Line 1652	C
blender.exe!WM_operator_name_call_ptr(bContext * C, wmOperatorType * ot, short context, PointerRNA * properties) Line 1701	C
blender.exe!ui_apply_but_funcs_after(bContext * C) Line 845	C
blender.exe!ui_handler_region_menu(bContext * C, const wmEvent * event, void * UNUSED_userdata) Line 10222	C
blender.exe!wm_handler_ui_call(bContext * C, wmEventHandler_UI * handler, const wmEvent * event, int always_pass) Line 622	C
blender.exe!wm_handlers_do_intern(bContext * C, wmEvent * event, ListBase * handlers) Line 2731	C
blender.exe!wm_handlers_do(bContext * C, wmEvent * event, ListBase * handlers) Line 2977	C
blender.exe!wm_event_do_handlers(bContext * C) Line 3356	C
blender.exe!WM_main(bContext * C) Line 420	C
Jacques Lucke (JacquesLucke) added a comment.Sep 18 2019, 11:47 AM

I can reproduce the crash when the addon is loaded (I just run it in the text editor).
While this can be considered a security issue in Blender (due to the buffer overflow), we generally cannot avoid security issues when people run arbitrary Python code.

Addons resulting in a crash, because they use the Python API incorrectly, is generally not considered to be a bug in Blender.

Campbell Barton (campbellbarton) added a comment.Sep 23 2019, 5:37 AM

Fixed the crash rB4e9aadac5e7756b0bf3d313ec31cc85770347b8a