[GRASS-dev] G7.0.svn: g.remove segfault
Vaclav Petras
wenzeslaus at gmail.com
Sat Jun 27 18:14:57 PDT 2015
On Fri, Jun 26, 2015 at 3:54 PM, Sören Gebbert <soerengebbert at googlemail.com
> wrote:
> >> may i suggest a patch to solve this issue?
> >
> >
> > Sure!
>
> Ok, i will commit the patch.
>
> >
> > I'm not sure if I can judge the path. However, sprintf is used a lot in
> > GRASS, so I'm not sure if we can just replace it with other function
> without
> > understanding what is the issue (at least I don't understand).
>
> All sprintf calls in GRASS should be replaced by G_snprintf() because
> sprintf is by design unsafe and the result of many buffer overflows
> and eventually exploits. sprintf does not check the size of the target
> buffer but G_snprintf does (if used correctly).
>
> > As for the magic number there, there is G_PATH_MAX or something, perhaps
> > that would be more appropriate.
>
> Yes, it would.
When I said "G_PATH_MAX or something" I meant that you should check me not
commit without even compiling the code :-) Fixed in r65525 after
compilation and tests*.
Vaclav
* although there are no tests testing colr2
https://trac.osgeo.org/grass/changeset/65524
https://trac.osgeo.org/grass/changeset/65525
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/grass-dev/attachments/20150627/cd311f81/attachment.html>
More information about the grass-dev
mailing list