Convert all CPLsprintf -> CPLsnprintf
Using INT_MAX for a byte limited snprintf defeats the purpose of snprintf and allows for buffer overflows. Convert all CPLsprintf -> CPLsnprintf with the proper byte counts.
int CPLsprintf(char *str, const char* fmt, ...)
{
va_list args;
va_start( args, fmt );
// TODO: Danger! Using INT_MAX allows for buffer overflows.
int ret = CPLvsnprintf( str, INT_MAX, fmt, args );
va_end( args );
return ret;
}
find . -name \*.cpp | xargs grep CPLsprintf | wc -l
144
Change History
(4)
Description: |
modified (diff)
|
Status: |
new → assigned
|
Summary: |
Convert all CPLsprintf -> CPLvsnprintf → Convert all CPLsprintf -> CPLsnprintf
|
Resolution: |
→ fixed
|
Status: |
assigned → closed
|
trunk r32078 "Replace all instances of sprintf()/CPLsprintf() with snprintf()/CPLsnprintf(), and on Unix builds deprecate sprintf()/CPLsprintf() use in GDAL compilation (#6209)"