Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#6943 closed defect (fixed)

Potential unsafe uses of snprintf() / vsnprintf() with VS < 2015

Reported by: Even Rouault
Owned by: warmerdam
Priority: normal
Milestone:
Component: default
Version: unspecified
Severity: normal
Keywords:
Cc:

Description

We use the _snprintf() and _vsnprintf() implementations of the Microsoft C runtime for VS < 2015. But those functions have at least 2 differences from C99 requirements:

  • they return -1 if the buffer isn't large enough, instead of the number of bytes that would have been written if the buffer was large enough. The return value of those functions is rarely used in the code base
  • more annoying, if the buffer isn't large enough, they don't NUL terminate it
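An added example, not part of the ticket and not GDAL's own code: a wrapper that reserves the last byte and always NUL-terminates, next to the legacy behaviour described above. `legacy_vsnprintf()`, `legacy_snprintf()` and `safe_snprintf()` are hypothetical names; the legacy functions emulate the documented pre-VS2015 `_vsnprintf()` contract so the example builds with any C99 compiler.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Emulation (assumption: mirrors pre-VS2015 _vsnprintf): returns -1 on
 * truncation and writes no NUL when the output length is >= count. */
int legacy_vsnprintf(char *buf, size_t count, const char *fmt, va_list ap)
{
    va_list ap2;
    va_copy(ap2, ap);
    int need = vsnprintf(NULL, 0, fmt, ap2);   /* C99: would-be length */
    va_end(ap2);
    if (need < 0) return -1;
    char *tmp = malloc((size_t)need + 1);
    if (tmp == NULL) return -1;
    vsnprintf(tmp, (size_t)need + 1, fmt, ap);
    memcpy(buf, tmp, (size_t)need < count ? (size_t)need + 1 : count); /* NUL only if it fits */
    free(tmp);
    return (size_t)need > count ? -1 : need;
}

int legacy_snprintf(char *buf, size_t count, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int ret = legacy_vsnprintf(buf, count, fmt, ap);
    va_end(ap);
    return ret;
}

/* Hypothetical wrapper: always NUL-terminates; returns chars stored or -1 if truncated. */
int safe_snprintf(char *buf, size_t size, const char *fmt, ...)
{
    if (buf == NULL || size == 0) return -1;
    va_list ap;
    va_start(ap, fmt);
    int ret = legacy_vsnprintf(buf, size - 1, fmt, ap);  /* reserve the last byte */
    va_end(ap);
    buf[size - 1] = '\0';   /* covers both the exact-fit and the truncated case */
    return ret;
}
int main(void)
{
    char buf[8];
    int r = safe_snprintf(buf, sizeof buf, "%s", "0123456789");
    printf("ret=%d buf=\"%s\"\n", r, buf);
    return 0;
}
```

Callers that need the C99 "would-be length" still cannot get it from the -1 return, so any code that uses the return value has to treat a negative result as truncation.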

Change History (6)

comment:1 by Even Rouault, 7 years ago

In 39285:

ENVISAT: correctly use return value of snprintf() (refs #6943)

comment:2 by Even Rouault, 7 years ago

Resolution: fixed
Status: new → closed

In 39286:

Make sure snprintf()/vsnprintf() always nul-terminate for MSVC < 2015 (fixes #6943)

comment:3 by Even Rouault, 7 years ago

In 39287:

Shapelib: explicitly nul-terminate after snprintf() in shapelib standalone mode (within GDAL, this is now safe since r39286, refs #6943)

comment:4 by Even Rouault, 7 years ago

In 39288:

ENVISAT: fix MSVC compilation breakage of r39285 (refs #6943)

comment:5 by Even Rouault, 7 years ago

In 39291:

libopencad: fix compilation error with VS 2013 (refs #6943)

comment:6 by Even Rouault, 7 years ago

In 39292:

ECW: fix Windows compilation against old ECW SDK and VS < 2015 (refs #6943)
