Opened 8 years ago
Last modified 8 years ago
#6209 closed defect
Convert all CPLsprintf -> CPLsnprintf — at Version 1
Reported by: | Kurt Schwehr | Owned by: | Kurt Schwehr |
---|---|---|---|
Priority: | normal | Milestone: | |
Component: | default | Version: | svn-trunk |
Severity: | normal | Keywords: | security bufferoverflow |
Cc: |
Description (last modified by )
Using INT_MAX for a byte limited snprintf defeats the purpose of snprintf and allows for buffer overflows. Convert all CPLsprintf -> CPLsnprintf with the proper byte counts.
int CPLsprintf(char *str, const char* fmt, ...) { va_list args; va_start( args, fmt ); // TODO: Danger! Using INT_MAX allows for buffer overflows. int ret = CPLvsnprintf( str, INT_MAX, fmt, args ); va_end( args ); return ret; }
find . -name \*.cpp | xargs grep CPLsprintf | wc -l 144
Change History (1)
comment:1 by , 8 years ago
Description: | modified (diff) |
---|---|
Status: | new → assigned |
Summary: | Convert all CPLsprintf -> CPLvsnprintf → Convert all CPLsprintf -> CPLsnprintf |
Note:
See TracTickets
for help on using tickets.