d.labels: Fix buffer overflow issues in do_labels.c #4041

Merged
merged 17 commits into from
Jul 26, 2024
Merged
59 changes: 39 additions & 20 deletions display/d.labels/do_labels.c
@@ -7,18 +7,22 @@
#include <grass/glocale.h>
#include "local_proto.h"

#define NL 012
#define TAB 011
#define BACK 0134
#define MTEXT 1024

#define TOP 0
#define CENT 1
#define BOT 2
#define LEFT 0
#define RITE 2
#define YES 1
#define NO 0
#define NL 012
#define TAB 011
#define BACK 0134
#define MTEXT 1024

#define TOP 0
#define CENT 1
#define BOT 2
#define LEFT 0
#define RITE 2
#define YES 1
#define NO 0

#define BUFFSIZE 128
#define FONTSIZE 256
#define WORDSIZE 50

static double east;
static double north;
@@ -67,7 +71,15 @@ int initialize_options(void)

int do_labels(FILE *infile, int do_rotation)
{
char buff[128];
char buff[BUFFSIZE];
char buff_fmt[10];
char font_fmt[10];
char word_fmt[10];
nilason marked this conversation as resolved.

snprintf(buff_fmt, sizeof(buff_fmt), "%%%ds", BUFFSIZE - 1);
snprintf(font_fmt, sizeof(font_fmt), "%%%ds", FONTSIZE - 1);
nilason marked this conversation as resolved.
snprintf(word_fmt, sizeof(word_fmt), "%%%ds%%%ds", WORDSIZE - 1,
WORDSIZE - 1);

initialize_options();

@@ -84,7 +96,7 @@ int do_labels(FILE *infile, int do_rotation)
else if (!strncmp(text, "yof", 3))
sscanf(text, "%*s %d", &yoffset);
else if (!strncmp(text, "col", 3)) {
sscanf(text, "%*s %s", buff);
sscanf(text, buff_fmt, buff);
set_RGBA_from_str(&color, buff);
}
else if (!strncmp(text, "siz", 3))
@@ -94,15 +106,15 @@ int do_labels(FILE *infile, int do_rotation)
else if (!strncmp(text, "wid", 3))
sscanf(text, "%*s %lf", &width);
else if (!strncmp(text, "bac", 3)) {
sscanf(text, "%*s %s", buff);
sscanf(text, buff_fmt, buff);
set_RGBA_from_str(&background, buff);
}
else if (!strncmp(text, "bor", 3)) {
sscanf(text, "%*s %s", buff);
sscanf(text, buff_fmt, buff);
set_RGBA_from_str(&border, buff);
}
else if (!strncmp(text, "opa", 3)) {
sscanf(text, "%*s %s", buff);
sscanf(text, buff_fmt, buff);
if (!strncmp(buff, "YES", 3))
opaque = YES;
else
@@ -115,15 +127,16 @@ int do_labels(FILE *infile, int do_rotation)
}
}
else if (!strncmp(text, "fon", 3)) {
if (sscanf(text, "%*s %s", font) != 1 || !strcmp(font, "standard"))
if (sscanf(text, font_fmt, font) != 1 || !strcmp(font, "standard"))

ShubhamDesai marked this conversation as resolved.
strcpy(font, std_font);
}
else if (!strncmp(text, "rot", 3)) {
if (do_rotation)
sscanf(text, "%*s %lf", &rotation);
}
else if (!strncmp(text, "hco", 3)) {
sscanf(text, "%*s %s", buff);
sscanf(text, buff_fmt, buff);
set_RGBA_from_str(&highlight_color, buff);
}
else if (!strncmp(text, "hwi", 3))
@@ -452,7 +465,11 @@ int scan_ref(char *buf)
if (buf[i] >= 'A' && buf[i] <= 'Z')
buf[i] += 'a' - 'A';
xref = yref = CENT;
switch (sscanf(buf, "%s%s", word1, word2)) {
char word_fmt[10];
snprintf(word_fmt, sizeof(word_fmt), "%%%ds%%%ds", WORDSIZE - 1,
WORDSIZE - 1);
nilason marked this conversation as resolved.

ShubhamDesai marked this conversation as resolved.
switch (sscanf(buf, word_fmt, word1, word2)) {
case 2:
if (!(xmatch(word2) || ymatch(word2)))
return 0;
@@ -461,6 +478,8 @@ int scan_ref(char *buf)
if (xmatch(word1) || ymatch(word1))
return 1;
FALLTHROUGH;
case EOF:
FALLTHROUGH;
nilason marked this conversation as resolved.
default:
return 0;
}
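Review bot: The bounded formats built at the top of do_labels drop the `%*s ` prefix that every replaced call had, so `buff_fmt` expands to `%127s` and `font_fmt` to `%255s`, and `sscanf(text, buff_fmt, buff)` now stores the line's first token (the keyword the preceding `strncmp` just matched) instead of the value after it. In the `col`, `bac`, `bor`, `opa` and `hco` branches that keyword is what reaches `set_RGBA_from_str` or the `YES` test, and in `fon` it ends up in `font`; keeping the skip restores the old parsing: `snprintf(buff_fmt, sizeof(buff_fmt), "%%*s %%%ds", BUFFSIZE - 1);` and the same for `font_fmt`. With the prefix each string needs exactly 10 bytes including the terminator, so the `[10]` arrays should be widened (for example to 16) and the `snprintf` result checked, because a truncated format string would be malformed when handed to `sscanf`. The declarations of `font`, `word1` and `word2` are not in the visible hunks, so it should be confirmed that they are sized with FONTSIZE and WORDSIZE; do_labels and scan_ref both continue outside the hunks.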
Expand Down
Loading