Opened 13 months ago

Closed 13 months ago

Last modified 13 months ago

#6943 closed defect (fixed)

Potential unsafe uses of snprintf() / vsnprintf() with VS < 2015

Reported by: Even Rouault
Owned by: warmerdam
Priority: normal
Milestone:
Component: default
Version: unspecified
Severity: normal
Keywords:
Cc:

Description

We use the _snprintf() and _vsnprintf() implementations of the Microsoft C runtime for VS < 2015. But those functions have at least 2 differences from C99 requirements:

  • they return -1 if the buffer isn't large enough, instead of the number of bytes that would have been written if the buffer was large enough. The return value of those functions is rarely used in the code base
  • more annoying, if the buffer isn't large enough, they don't NUL terminate it
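The two differences listed above, and a wrapper that restores the C99 contract, as an added example (not GDAL's code and not the change made in r39286). The names `legacy_snprintf`, `safe_snprintf` and `count_chars` are hypothetical; on compilers other than MSVC < 2015 the legacy function is an emulation, which assumes the documented CRT behaviour that an output of exactly `n` characters is stored without a terminator and returns `n`.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#if defined(_MSC_VER) && _MSC_VER < 1900
#define legacy_vsnprintf _vsnprintf   /* the real pre-2015 CRT function */
#define count_chars _vscprintf        /* CRT helper: length the output needs */
#else
/* Emulation for other compilers (assumption: mirrors the ticket's description). */
#define count_chars(fmt, ap) vsnprintf(NULL, 0, fmt, ap)
static int legacy_vsnprintf(char *buf, size_t n, const char *fmt, va_list ap) {
    va_list ap2;
    va_copy(ap2, ap);
    int len = vsnprintf(NULL, 0, fmt, ap2);
    va_end(ap2);
    char *tmp = len < 0 ? NULL : malloc((size_t)len + 1);
    if (tmp == NULL) return -1;
    vsnprintf(tmp, (size_t)len + 1, fmt, ap);
    /* Copy the terminator only when it fits; otherwise fill buf with no NUL. */
    memcpy(buf, tmp, (size_t)len < n ? (size_t)len + 1 : n);
    free(tmp);
    return (size_t)len <= n ? len : -1;
}
#endif

/* Raw legacy call, kept only to observe the two differences. */
int legacy_snprintf(char *buf, size_t n, const char *fmt, ...) {
    va_list ap;
    int ret;
    va_start(ap, fmt);
    ret = legacy_vsnprintf(buf, n, fmt, ap);
    va_end(ap);
    return ret;
}

/* C99-style wrapper: output is always terminated, return is the needed length. */
int safe_snprintf(char *buf, size_t n, const char *fmt, ...) {
    va_list ap;
    int needed;
    va_start(ap, fmt);
    needed = count_chars(fmt, ap);   /* length without the terminator */
    va_end(ap);
    if (n == 0) return needed;       /* nothing may be written */
    va_start(ap, fmt);
    legacy_vsnprintf(buf, n, fmt, ap);
    va_end(ap);
    buf[n - 1] = '\0';               /* force termination on truncation */
    return needed;
}
```

A caller detects truncation with `ret < 0 || (size_t)ret >= n`, which holds under both the legacy and the C99 return conventions.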

Change History (6)

comment:1 Changed 13 months ago by Even Rouault

In 39285:

ENVISAT: correctly use return value of snprintf() (refs #6943)

comment:2 Changed 13 months ago by Even Rouault

Resolution: fixed
Status: new → closed

In 39286:

Make sure snprintf()/vsnprintf() always nul-terminate for MSVC < 2015 (fixes #6943)

comment:3 Changed 13 months ago by Even Rouault

In 39287:

Shapelib: explicitly nul-terminate after snprintf() in shapelib standalone mode (within GDAL, this is now safe since r39286, refs #6943)

comment:4 Changed 13 months ago by Even Rouault

In 39288:

ENVISAT: fix MSVC compilation breakage of r39285 (refs #6943)

comment:5 Changed 13 months ago by Even Rouault

In 39291:

libopencad: fix compilation error with VS 2013 (refs #6943)

comment:6 Changed 13 months ago by Even Rouault

In 39292:

ECW: fix Windows compilation against old ECW SDK and VS < 2015 (refs #6943)
