List:       kde-core-devel
Subject:    Possible buffer overflow in kdecore/kdebug.cpp?
From:       Ingo Klöcker <ingo.kloecker () epost ! de>
Date:       2002-03-07 17:04:44

Hi,

I just spotted the following in static void kDebugBackend( unsigned 
short nLevel, unsigned int nArea, const char *data) in 
kdecore/kdebug.cpp:
=====
  char buf[4096] = "";
  int nSize;
  if ( !kDebug_data->aAreaName.isEmpty() )
    nSize = sprintf( buf, "%s: %s", kDebug_data->aAreaName.ascii(), data);
  else
    nSize = sprintf( buf, "%s", data);
=====

Can we always guarantee that data is shorter than 4096 bytes? I didn't 
see any code which checks the length of data.
IMO this should be changed to something like this:
=====
  const int BUFSIZE = 4096;
  char buf[BUFSIZE] = "";
  int nSize;
  if ( !kDebug_data->aAreaName.isEmpty() )
    nSize = snprintf( buf, BUFSIZE, "%s: %s", kDebug_data->aAreaName.ascii(), data);
  else
    nSize = snprintf( buf, BUFSIZE, "%s", data);
=====
in order to avoid any problems.

Regards,
Ingo
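
A point to check when applying the snprintf change proposed above, shown as an added example that is not part of the original message or of KDE's code: snprintf bounds the write, but its return value is the length the full output would have had, so nSize has to be clamped before it is used as a length or index into buf. The helper name format_debug_line and its parameters are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not KDE code: formats "area: data" (or just data when
 * area is NULL or empty) into buf and returns the number of characters
 * actually stored, excluding the terminating NUL. *truncated is set to 1
 * when the output did not fit. */
static size_t format_debug_line(char *buf, size_t bufsize, const char *area,
                                const char *data, int *truncated)
{
    int n;

    *truncated = 0;
    if (bufsize == 0)
        return 0;
    buf[0] = '\0';

    if (area != NULL && area[0] != '\0')
        n = snprintf(buf, bufsize, "%s: %s", area, data);
    else
        n = snprintf(buf, bufsize, "%s", data);

    if (n < 0) {              /* output error: leave an empty string */
        buf[0] = '\0';
        return 0;
    }
    /* C99 snprintf returns the length the full output would have had, so a
     * value >= bufsize means truncation and must not be used as an index. */
    if ((size_t)n >= bufsize) {
        *truncated = 1;
        return bufsize - 1;
    }
    return (size_t)n;
}

int main(void)
{
    char small[16];           /* constructed: small buffer to force truncation */
    int cut;
    size_t len = format_debug_line(small, sizeof small, "kmail",
                                   "a message longer than the buffer", &cut);
    printf("len=%zu truncated=%d text=\"%s\"\n", len, cut, small);
    return 0;
}
```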
