Opened 11 years ago
Closed 10 years ago
#62 closed defect (fixed)
[geo_print.c:515]: (warning) scanf without field width limits can crash with huge input data.
Reported by: | dcb | Owned by: | warmerdam |
---|---|---|---|
Priority: | normal | Milestone: | |
Component: | libgeotiff | Version: | 1.3.0 |
Keywords: | | Cc: | hobu |
Description
Function DefaultRead doesn't seem to know how large the destination buffer "string" is.
Suggest educate it, so function GTIFImport, local variable "message" doesn't overflow.
Change History (2)
comment:1 by , 10 years ago
Cc: | added |
---|
comment:2 by , 10 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
I see the point about read method (print method does not really have this problem).
The *practice* is that the buffer passed is 1024 bytes long so I am declaring that this is a requirement. I have modified DefaultRead to use a safer format string that enforces this limit so long lines passed to geotifcp won't cause a crash.
See r2511.
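The width-limited read described in comment:2, shown as an added example; it is not the code from r2511 or from libgeotiff. The names `read_line_bounded`, `demo_first_line_length`, `MSG_CHARS` and `MSG_BUF` are hypothetical, the input is constructed, and only the 1024-byte buffer size comes from the ticket.

```c
#include <stdio.h>
#include <string.h>

#define MSG_CHARS 1023                 /* max characters stored per line */
#define MSG_BUF   (MSG_CHARS + 1)      /* 1024-byte buffer, as in the ticket */
#define STR2(x) #x
#define STR(x)  STR2(x)

/* Hypothetical helper: read one line into buf, which must hold MSG_BUF bytes.
 * Returns 1 if a line was read, 0 at end of input. *truncated is set when the
 * line was longer than MSG_CHARS and the excess was discarded. */
int read_line_bounded(FILE *fp, char *buf, int *truncated)
{
    int c, n;
    buf[0] = '\0';
    *truncated = 0;
    /* "%[^\n]" with no width would store the whole line, whatever its length.
     * The width caps the store at MSG_CHARS characters plus the NUL. */
    n = fscanf(fp, "%" STR(MSG_CHARS) "[^\n]", buf);
    if (n == EOF) return 0;
    /* n == 0 means an empty line; buf is already "". Skip to end of line. */
    while ((c = fgetc(fp)) != EOF && c != '\n')
        *truncated = 1;
    return 1;
}

/* Constructed input: one line of `len` 'A' characters, then the line "next".
 * Returns the stored length of the first line, or -1 if the guard word after
 * the buffer changed or the second line was not read back cleanly. */
long demo_first_line_length(size_t len, int *truncated)
{
    struct { char buf[MSG_BUF]; unsigned guard; } m = { "", 0xC0FFEEu };
    char next[MSG_BUF];
    int t2 = 0;
    long stored;
    FILE *fp = tmpfile();
    if (fp == NULL) return -1;
    while (len-- > 0)
        fputc('A', fp);
    fputs("\nnext\n", fp);
    rewind(fp);
    if (!read_line_bounded(fp, m.buf, truncated)) { fclose(fp); return -1; }
    stored = (long)strlen(m.buf);
    if (!read_line_bounded(fp, next, &t2) || strcmp(next, "next") != 0 || t2)
        stored = -1;
    fclose(fp);
    return m.guard == 0xC0FFEEu ? stored : -1;
}
```

Draining the rest of an overlong line keeps the next read aligned on a line boundary instead of returning the tail of the previous line as a new record.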
I agree this is an issue, but changing it means that both the GTIFReadMethod and GTIFPrintMethod public methods would have to be changed to include a size parameter. I don't know if that is possible. Frank?