On Sun, Sep 23, 2018 at 11:43:38PM +0100, Bruno Postle wrote:
> 
> 
> On 23 September 2018 13:48:10 BST, Andreas Metzler wrote:
> >
> >building libpano with gcc 8 (instead of 7) triggers a couple of new
> >warnings that might be interesting:
> >
> >parser.c: In function 'ReadImageDescription':
> >parser.c:1854:38: warning: '%s' directive writing up to 65535 bytes
> >into a region of size 256 [-Wformat-overflow=]
> >             sprintf( sBuf.destName, "%s", buf );
> >                                      ^~   ~~~
 
> It looks harmless to me, but my C isn't good enough to say for sure.

The compiler is saying that "sBuf.destName" is declared having a size
of 256, while "buf" is declared as being of size 65536.

When a compiler says such a thing it is usually right.

When this was written, someone probably thought about it and reused
the 65536 byte buffer "buf" for this small task. "buf" needs to be
65536 bytes long for something else, and is now reused for this
purpose with "max 255" or even less still...

That said... Ignoring these warnings has for years caused serious
security leaks. These warnings didn't exist back then, but we should
take them seriously.

In this case, 

        strncpy ( sBuf.destName, buf, 255);

is a quick rewrite of that specific line that a) avoids the warning
and b) avoids being unsafe even when someone external manages to get
"buf" filled further than expected.
The downside is that the API of strncpy is not convenient and requires
an sBuf.destName[255] = 0; at the end for the code fragment to become
really safe.

I would've liked something along the lines of: 

char *mystrncpy (char *dst, const char *src, int n)
{
  if(!n) return dst;      /* no room for anything, not even a terminator */
  n--;                    /* reserve one byte for the terminator */
  while (*src && n--)     /* copies at most n-1 bytes */
    *dst++ = *src++;
  *dst++ = 0;             /* always terminate, even when truncating */
  return dst;
}

that always null-terminates the destination string even when the
buffer limit is reached. Alas they did not listen to me when I didn't
know this yet and was only 5 years old.


Roger. 



-- 
+-- Rogier Wolff -- www.harddisk-recovery.nl -- 0800 220 20 20 --
- Datarecovery Services Nederland B.V. Delft. KVK: 30160549 -
| Files gone, documents lost, all data away?!
| Stay calm and contact Harddisk-recovery.nl!
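As an added demonstration (not code from this mail or from libpano), the C below shows the strncpy pitfall described above beside a bounded copy that always terminates. DEST_LEN and SRC_LEN mirror the sizes gcc reported for sBuf.destName and buf; the inputs are constructed runs of 'A'.

```c
#include <stdio.h>
#include <string.h>

#define DEST_LEN 256          /* size gcc reported for sBuf.destName */
#define SRC_LEN  65536        /* size of the reused "buf" */

/* Constructed input: a run of 'A' of the requested length (capped). */
static char g_src[SRC_LEN];
const char *constructed_input(size_t len)
{
    if (len >= SRC_LEN) len = SRC_LEN - 1;
    memset(g_src, 'A', len);
    g_src[len] = '\0';
    return g_src;
}

/* Does strncpy(dst, src, DEST_LEN - 1) leave a terminator in dst?
   The buffer is poisoned first so a missing NUL is observable. */
int strncpy_leaves_terminator(const char *src)
{
    char dst[DEST_LEN];
    memset(dst, 'X', sizeof dst);
    strncpy(dst, src, DEST_LEN - 1);
    return memchr(dst, '\0', sizeof dst) != NULL;
}

/* Bounded copy that always terminates: copies at most dst_size-1 bytes,
   writes the NUL, and returns the number of bytes copied. */
size_t copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t i = 0;
    if (dst_size == 0) return 0;
    while (src[i] != '\0' && i + 1 < dst_size) {
        dst[i] = src[i];
        i++;
    }
    dst[i] = '\0';
    return i;
}

/* Length of the string left in a DEST_LEN buffer after copy_bounded;
   -1 if no terminator is found within the buffer. */
long copy_bounded_len(const char *src)
{
    char dst[DEST_LEN];
    copy_bounded(dst, sizeof dst, src);
    if (memchr(dst, '\0', sizeof dst) == NULL) return -1;
    return (long)strlen(dst);
}
```

With a 255-byte or longer input, strncpy_leaves_terminator() reports no terminator, while copy_bounded_len() reports 255 bytes and a NUL in place.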
