[GRASS5] Buffer overflow in G_recreate_command()...
Radim Blazek
Radim.Blazek at dhv.cz
Mon Jun 4 02:36:46 EDT 2001
"Eric G. Miller" wrote:
>
> I thought it'd be great to add category limiting ability to d.area, but
> it seems it's possible to crash the monitor when G_recreate_command() is
> called and the command line is > 1024 characters. For instance, I have
> a vector here with about 9000 categories, and I want to display the
> first five hundred as orange.
>
> GRASS ~> d.area map=mymap fillcolor=orange linecolor=white \
> category=$(seq -s ',' 1 500)
>
> This generates a command line greater than 1024 bytes, leading to an
> unterminated character buffer which eventually causes the monitor to
> crash. (G_recreate_command() uses a static buff[1024] ...).
>
> I wonder if the buffers for G_recreate_command() and the display drivers
> (at least for the pad list) should be up to ARG_MAX or at least
> _POSIX_ARG_MAX which must be at least 4096. G_recreate_command() should
> also have better behavior when its limits are reached (it currently
> abuses strcat).
>
> Any thoughts?
BTW: In grass51, d.vect has a cat= option which accepts strings like:
cat=1,28,156-217,512 or cat=1-500 for you,
and it is based on the new function
Vect_str_to_cat_list (char *str, struct cat_list *list)
Radim
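
The overflow described in the quoted report, shown as an added example that is not part of the original thread and is not GRASS code: a bounded argument join that checks the remaining space before every copy and always leaves the buffer NUL-terminated. The names `join_args_bounded` and `demo_join` are hypothetical, and the 500-category command line is constructed to match the one in the report.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not the GRASS API): join argv[0..argc-1] with single
 * spaces into dst (dstsize bytes). Returns the length written, or -1 if the
 * result would not fit. dst is always NUL-terminated, so a failed call never
 * leaves the unterminated buffer that unchecked strcat produces. */
static long join_args_bounded(char *dst, size_t dstsize,
                              int argc, const char *const *argv)
{
    size_t used = 0;
    int i;

    if (dst == NULL || dstsize == 0)
        return -1;
    dst[0] = '\0';
    for (i = 0; i < argc; i++) {
        size_t len = strlen(argv[i]);
        size_t sep = (i > 0) ? 1 : 0;
        /* used <= dstsize - 1 always holds, so this cannot wrap around. */
        if (len + sep > dstsize - 1 - used) {
            dst[0] = '\0';          /* empty result, not half a command */
            return -1;
        }
        if (sep)
            dst[used++] = ' ';
        memcpy(dst + used, argv[i], len);
        used += len;
        dst[used] = '\0';
    }
    return (long)used;
}

/* Constructed input: the reported command with category=1,2,...,500. */
static long demo_join(char *dst, size_t dstsize)
{
    static char cat[2048];
    const char *argv[5] = { "d.area", "map=mymap", "fillcolor=orange",
                            "linecolor=white", cat };
    size_t n = (size_t)snprintf(cat, sizeof cat, "category=");
    int i;
    for (i = 1; i <= 500; i++)
        n += (size_t)snprintf(cat + n, sizeof cat - n, "%d%s", i, i < 500 ? "," : "");
    return join_args_bounded(dst, dstsize, 5, argv);
}

int main(void)
{
    char small[1024], big[4096];
    printf("1024: %ld, 4096: %ld\n", demo_join(small, sizeof small), demo_join(big, sizeof big));
    return 0;
}
```

With a 1024-byte buffer the call reports failure instead of overrunning; with 4096 bytes (the `_POSIX_ARG_MAX` minimum mentioned in the report) the same command fits.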