Opened 8 years ago
Last modified 8 years ago
#6209 closed defect
Convert all CPLsprintf -> CPLsnprintf — at Version 1
| Reported by: | Kurt Schwehr | Owned by: | Kurt Schwehr |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | default | Version: | svn-trunk |
| Severity: | normal | Keywords: | security bufferoverflow |
| Cc: |
Description (last modified by )
Using INT_MAX for a byte limited snprintf defeats the purpose of snprintf and allows for buffer overflows. Convert all CPLsprintf -> CPLsnprintf with the proper byte counts.
int CPLsprintf(char *str, const char* fmt, ...)
{
va_list args;
va_start( args, fmt );
// TODO: Danger! Using INT_MAX allows for buffer overflows.
int ret = CPLvsnprintf( str, INT_MAX, fmt, args );
va_end( args );
return ret;
}
find . -name \*.cpp | xargs grep CPLsprintf | wc -l
144
Change History (1)
comment:1 by , 8 years ago
| Description: | modified (diff) |
|---|---|
| Status: | new → assigned |
| Summary: | Convert all CPLsprintf -> CPLvsnprintf → Convert all CPLsprintf -> CPLsnprintf |
Note:
See TracTickets
for help on using tickets.
