Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#6209 closed defect (fixed)

Convert all CPLsprintf -> CPLsnprintf

Reported by: Kurt Schwehr Owned by: Kurt Schwehr
Priority: normal Milestone:
Component: default Version: svn-trunk
Severity: normal Keywords: security bufferoverflow
Cc:

Description (last modified by Kurt Schwehr)

Using INT_MAX for a byte limited snprintf defeats the purpose of snprintf and allows for buffer overflows. Convert all CPLsprintf -> CPLsnprintf with the proper byte counts.

int CPLsprintf(char *str, const char* fmt, ...)
{
    va_list args;

    va_start( args, fmt );
    // TODO: Danger!  Using INT_MAX allows for buffer overflows.
    int ret = CPLvsnprintf( str, INT_MAX, fmt, args );
    va_end( args );
    return ret;
}
find . -name \*.cpp | xargs grep CPLsprintf | wc -l
     144

Change History (4)

comment:1 by Kurt Schwehr, 8 years ago

Description: modified (diff)
Status: newassigned
Summary: Convert all CPLsprintf -> CPLvsnprintfConvert all CPLsprintf -> CPLsnprintf

comment:2 by Even Rouault, 8 years ago

Resolution: fixed
Status: assignedclosed

trunk r32078 "Replace all instances of sprintf()/CPLsprintf() with snprintf()/CPLsnprintf(), and on Unix builds deprecate sprintf()/CPLsprintf() use in GDAL compilation (#6209)"

comment:3 by Even Rouault, 8 years ago

trunk r32079 "Fix wrong use of snprintf due to buffer being a pointer and not an array (reported by clang, #6209)"

comment:4 by Even Rouault, 8 years ago

Note: See TracTickets for help on using tickets.