[GRASS5] Buffer overflow in G_recreate_command()...
Eric G. Miller
egm2 at jps.net
Sun Jun 3 20:00:53 EDT 2001
I thought it'd be great to add category limiting ability to d.area, but
it seems it's possible to crash the monitor when G_recreate_command() is
called and the command line is > 1024 characters. For instance, I have
a vector here with about 9000 categories, and I want to display the
first five hundred as orange.
GRASS ~> d.area map=mymap fillcolor=orange linecolor=white \
category=$(seq -s ',' 1 500)
This generates a command line greater than 1024 bytes, leading to a
unterminated charachter buffer which eventually causes the monitor to
crash. (G_recreate_command() uses a static buff[1024] ...).
I wonder if the buffers for G_recreate_command() and the display drivers
(at least for the pad list) should be up to ARG_MAX or at least
_POSIX_ARG_MAX which must be at least 4096. G_recreate_command() should
also have better behavior when it's limits are reached (it currently
abuses strcat).
Any thoughts?
--
Eric G. Miller <egm2 at jps.net>
More information about the grass-dev
mailing list