Opened 8 years ago

Last modified 8 years ago

#6209 closed defect

Convert all CPLsprintf -> CPLvsnprintf — at Initial Version

Reported by: Kurt Schwehr
Owned by: Kurt Schwehr
Priority: normal
Milestone:
Component: default
Version: svn-trunk
Severity: normal
Keywords: security bufferoverflow
Cc:

Description

Using INT_MAX for a byte-limited snprintf defeats the purpose of snprintf and allows for buffer overflows. Convert all CPLsprintf -> CPLvsnprintf with the proper byte counts.

int CPLsprintf(char *str, const char* fmt, ...)
{
    va_list args;

    va_start( args, fmt );
    // TODO: Danger!  Using INT_MAX allows for buffer overflows.
    int ret = CPLvsnprintf( str, INT_MAX, fmt, args );
    va_end( args );
    return ret;
}

find . -name \*.cpp | xargs grep CPLsprintf | wc -l
     144
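
The conversion requested above, sketched as an added example (not GDAL code and not from the reporter): `bounded_format` and `struct record` are hypothetical names, and standard `vsnprintf` stands in for `CPLvsnprintf`. It passes the destination's real capacity instead of INT_MAX and uses the return value to detect truncation, with a constructed guard field showing that adjacent memory is left untouched.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a size-aware wrapper; not GDAL code.
 * Returns 0 on success, 1 if the output was truncated, -1 on error. */
static int bounded_format(char *dst, size_t dst_size, const char *fmt, ...)
{
    if (dst == NULL || dst_size == 0)
        return -1;
    va_list args;
    va_start(args, fmt);
    /* Pass the real capacity, not INT_MAX, so the write stops at dst_size. */
    int needed = vsnprintf(dst, dst_size, fmt, args);
    va_end(args);
    if (needed < 0)
        return -1;
    /* vsnprintf returns the length the full output would have had. */
    return (size_t)needed >= dst_size ? 1 : 0;
}

/* Constructed layout: a small field followed by a guard we can inspect. */
struct record {
    char name[8];
    char guard[8];
};

/* Formats a constructed over-long value into rec->name and reports
 * whether the adjacent guard bytes survived. Returns 1 if intact. */
static int guard_intact_after_long_input(struct record *rec, int *status)
{
    memset(rec->guard, 0x5A, sizeof rec->guard);
    *status = bounded_format(rec->name, sizeof rec->name, "%s-%d",
                             "layer_name_too_long", 42);
    for (size_t i = 0; i < sizeof rec->guard; i++)
        if ((unsigned char)rec->guard[i] != 0x5A)
            return 0;
    return 1;
}

int main(void)
{
    struct record rec;
    int status;
    int ok = guard_intact_after_long_input(&rec, &status);
    printf("status=%d guard_intact=%d name=\"%s\"\n", status, ok, rec.name);
    return ok ? 0 : 1;
}
```

Each converted call site needs the size of its own destination buffer (`sizeof` for arrays, the tracked allocation length for heap buffers), and a truncated result should be handled rather than silently used.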

Change History (0)
