From db466e9578784c5e5dc5a50c67816e481294cb8b Mon Sep 17 00:00:00 2001
From: Campbell Barton <campbell@blender.org>
Date: Thu, 28 Mar 2024 11:40:24 +1100
Subject: [PATCH] Fix buffer overflow from passing undersized buffers to
 BLI_path_abs

---
 source/blender/io/usd/intern/usd_asset_utils.cc | 5 ++++-
 source/blender/render/intern/render_result.cc   | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/source/blender/io/usd/intern/usd_asset_utils.cc b/source/blender/io/usd/intern/usd_asset_utils.cc
index 95bac8d85bc..9d26a0fb169 100644
--- a/source/blender/io/usd/intern/usd_asset_utils.cc
+++ b/source/blender/io/usd/intern/usd_asset_utils.cc
@@ -303,7 +303,10 @@ std::string import_asset(const char *src,
                   src);
       return src;
     }
-    BLI_path_abs(dest_dir_path, basepath);
+    char path_temp[FILE_MAX];
+    STRNCPY(path_temp, dest_dir_path);
+    BLI_path_abs(path_temp, basepath);
+    STRNCPY(dest_dir_path, path_temp);
   }
 
   BLI_path_normalize(dest_dir_path);
diff --git a/source/blender/render/intern/render_result.cc b/source/blender/render/intern/render_result.cc
index 735b7a89971..d4a30ce070a 100644
--- a/source/blender/render/intern/render_result.cc
+++ b/source/blender/render/intern/render_result.cc
@@ -1014,7 +1014,10 @@ static void render_result_exr_file_cache_path(Scene *sce,
 
   BLI_path_join(r_path, FILE_CACHE_MAX, root, filename_full);
   if (BLI_path_is_rel(r_path)) {
-    BLI_path_abs(r_path, dirname);
+    char path_temp[FILE_MAX];
+    STRNCPY(path_temp, r_path);
+    BLI_path_abs(path_temp, dirname);
+    BLI_strncpy(r_path, path_temp, FILE_CACHE_MAX);
   }
 }