List: kde-core-devel
Subject: Possible buffer overflow in kdecore/kdebug.cpp?
From: Ingo Klöcker <ingo.kloecker () epost ! de>
Date: 2002-03-07 17:04:44
Hi,
I just spotted the following in static void kDebugBackend( unsigned
short nLevel, unsigned int nArea, const char *data) in
kdecore/kdebug.cpp:
=====
char buf[4096] = "";
int nSize;
if ( !kDebug_data->aAreaName.isEmpty() )
    nSize = sprintf( buf, "%s: %s", kDebug_data->aAreaName.ascii(),
                     data);
else
    nSize = sprintf( buf, "%s", data);
=====
Can we always guarantee that data is shorter than 4096 bytes? I didn't
see any code which checks the length of data.
IMO this should be changed to something like this:
=====
const int BUFSIZE = 4096;
char buf[BUFSIZE] = "";
int nSize;
if ( !kDebug_data->aAreaName.isEmpty() )
    nSize = snprintf( buf, BUFSIZE, "%s: %s",
                      kDebug_data->aAreaName.ascii(), data);
else
    nSize = snprintf( buf, BUFSIZE, "%s", data);
=====
in order to avoid any problems.
Regards,
Ingo
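An added example, not part of the original message and not KDE code: the snprintf() change bounds the write, but the value stored in nSize is the length the full message needed, so it can still exceed the buffer if it is later used as a length or index. The helper name format_debug_line, the DEBUG_BUFSIZE macro and the idea that nSize is used afterwards are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DEBUG_BUFSIZE 4096  /* same size as buf in the quoted code */

/* Hypothetical helper, not KDE code: formats "area: data" (or just data)
 * into buf and returns the number of characters actually stored, excluding
 * the terminating NUL. *truncated is set to 1 when the message did not fit. */
static int format_debug_line(char *buf, size_t bufsize, const char *area,
                             const char *data, int *truncated)
{
    int n;

    *truncated = 0;
    if (bufsize == 0)
        return 0;
    if (area != NULL && area[0] != '\0')
        n = snprintf(buf, bufsize, "%s: %s", area, data);
    else
        n = snprintf(buf, bufsize, "%s", data);

    if (n < 0) {
        /* Output error; some pre-C99 libraries also returned -1 on truncation. */
        buf[bufsize - 1] = '\0';
        *truncated = 1;
        return (int)strlen(buf);
    }
    if ((size_t)n >= bufsize) {
        /* C99: n is the length the full message needed, not what was
         * stored. Clamp it so it is safe to use as an index into buf. */
        *truncated = 1;
        return (int)(bufsize - 1);
    }
    return n;
}

int main(void)
{
    char buf[DEBUG_BUFSIZE];
    char big[6000];                 /* constructed over-long message */
    int truncated, n;

    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    n = format_debug_line(buf, sizeof buf, "kdecore", big, &truncated);
    printf("stored=%d truncated=%d\n", n, truncated);
    return 0;
}
```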