Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

d.labels: Fix buffer overflow issues in do_labels.c #4041

Merged
merged 17 commits into from
Jul 26, 2024
Merged

d.labels: Fix buffer overflow issues in do_labels.c #4041

merged 17 commits into from
Jul 26, 2024

Conversation

ShubhamDesai
Copy link
Contributor

This pull request addresses multiple warnings identified by cppcheck related to potential buffer overflow issues.

Issues:

  1. do_labels.c:87:13: warning: sscanf() without field width limits can crash with huge input data. [invalidscanf]
    sscanf(text, "%*s %s", buff);
  2. do_labels.c:97:13: warning: sscanf() without field width limits can crash with huge input data. [invalidscanf]
    sscanf(text, "%*s %s", buff);
  3. do_labels.c:101:13: warning: sscanf() without field width limits can crash with huge input data. [invalidscanf]
    sscanf(text, "%*s %s", buff);
  4. do_labels.c:105:13: warning: sscanf() without field width limits can crash with huge input data. [invalidscanf]
    sscanf(text, "%*s %s", buff);
  5. do_labels.c:118:17: warning: sscanf() without field width limits can crash with huge input data. [invalidscanf]
    if (sscanf(text, "%*s %s", font) != 1 || !strcmp(font, "standard"))
  6. do_labels.c:126:13: warning: sscanf() without field width limits can crash with huge input data. [invalidscanf]
    sscanf(text, "%*s %s", buff);
  7. do_labels.c:455:13: warning: sscanf() without field width limits can crash with huge input data. [invalidscanf]
    switch (sscanf(buf, "%s%s", word1, word2))

Changes Made:
Added field width specifiers to the sscanf calls to prevent buffer overflows.

The field width is one less than the buffer size.
buff[128] -> %127s
font[256] -> %255s
word1[50], word2[50] -> %49s

@github-actions github-actions bot added C Related code is in C module display labels Jul 12, 2024
@ShubhamDesai ShubhamDesai changed the title display: Fix buffer overflow issues in do_labels.c d.labels: Fix buffer overflow issues in do_labels.c Jul 12, 2024
@nilason
Copy link
Contributor

nilason commented Jul 12, 2024

Please consider using pre-commit, which will solve e.g. clang-format issues before going to the CIs.

github-advanced-security[bot]
github-advanced-security bot found potential problems Jul 12, 2024
View reviewed changes
display/d.labels/do_labels.c Outdated Show resolved Hide resolved
Shubham Vasudeo Desai and others added 2 commits July 12, 2024 14:27
handled EOF case
b5d55de
@ShubhamDesai @github-actions
Update display/d.labels/do_labels.c
4fac5b4 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Shubham Vasudeo Desai and others added 7 commits July 15, 2024 14:32
used snprintf
69ea2f3
Conflicts resolved
cc486c0
@ShubhamDesai @github-actions
Update display/d.labels/do_labels.c
0c5bc87 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
@ShubhamDesai @github-actions
Update display/d.labels/do_labels.c
9fa31eb 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
@ShubhamDesai @github-actions
Update display/d.labels/do_labels.c
a09ff6d 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
clang_format_check
5adf0c8
Merge remote-tracking branch 'origin/issue_24' into issue_24
6daef0b
nilason
nilason requested changes Jul 16, 2024
View reviewed changes
Copy link
Contributor

@nilason nilason left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added some minor suggestions below.

Also, please add the new size constant to the font[] variable at line 40.

display/d.labels/do_labels.c Outdated Show resolved Hide resolved
display/d.labels/do_labels.c Outdated Show resolved Hide resolved
display/d.labels/do_labels.c Outdated Show resolved Hide resolved
display/d.labels/do_labels.c Outdated Show resolved Hide resolved
@ShubhamDesai @github-actions
Update display/d.labels/do_labels.c
57e5df4 
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
nilason
nilason requested changes Jul 16, 2024
View reviewed changes
display/d.labels/do_labels.c Outdated Show resolved Hide resolved
display/d.labels/do_labels.c Outdated Show resolved Hide resolved
@nilason nilason merged commit cd0687f into OSGeo:main Jul 26, 2024
26 checks passed
@nilason nilason added this to the 8.5.0 milestone Jul 26, 2024
@a0x8o a0x8o mentioned this pull request Jul 30, 2024
Merged
Mahesh1998 pushed a commit to Mahesh1998/grass that referenced this pull request Sep 19, 2024
@ShubhamDesai @Mahesh1998
d.labels: Fix buffer overflow issues (OSGeo#4041)
675a560 
Addresses multiple warnings identified by cppcheck related to
potential buffer overflow issues. Added field width specifiers
to the sscanf calls to prevent buffer overflows.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

@lbartoletti lbartoletti lbartoletti left review comments

@nilason nilason nilason approved these changes

Assignees
No one assigned
Labels
C Related code is in C display module
Projects
None yet
Milestone
8.5.0
Development

Successfully merging this pull request may close these issues.
3 participants
@ShubhamDesai @nilason @lbartoletti