'[vtk-developers] sprintf into fixed length strings in tcl wrapping'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       vtk-developers
Subject:    [vtk-developers] sprintf into fixed length strings in tcl wrapping
From:       "Steve Pieper" <pieper () bwh ! harvard ! edu>
Date:       2005-11-18 20:39:33
Message-ID: 437E3C05.8020107 () bwh ! harvard ! edu
[Download RAW message or body]

Hi -

I noticed (the hard way) that if the name of a class instance is very 
long the tcl wrapping code can write over the end of a char array on the 
stack.  I fixed these with what I believe are the correct dynamic string 
functions from Tcl (diff's attached).

I filed a vtk bug here:
http://www.vtk.org/Bug/bug.php?op=show&bugid=2505&pos=0

The original slicer bug that led to the issue is here:
http://www.na-mic.org/Bug/bug.php?op=show&bugid=111&pos=

This obviously hasn't caused much trouble in general, but since it 
corrupts memory it ought to be fixed.

Thanks,
-Steve

["vtkTclUtil.cxx-diff" (text/plain)]

Index: vtkTclUtil.cxx
===================================================================
RCS file: /cvsroot/VTK/VTK/Common/vtkTclUtil.cxx,v
retrieving revision 1.81
diff -r1.81 vtkTclUtil.cxx
364,365c364,366
<     sprintf(temps,"vtk bad argument, could not find object named %s\n", name);
<     Tcl_AppendResult(interp,temps,NULL);
---
> Tcl_Obj *resobj = Tcl_NewStringObj ("vtk bad argument, could not find object named \
> ", -1); Tcl_AppendStringsToObj (resobj, name, (char *) NULL);
> Tcl_SetObjResult(interp, resobj);
377,378c378,380
<     sprintf(temps,"vtk bad argument, could not find command process for %s.\n", \
name); <     Tcl_AppendResult(interp,temps,NULL);
---
> Tcl_Obj *resobj = Tcl_NewStringObj ("vtk bad argument, could not find command \
> process for ", -1); Tcl_AppendStringsToObj (resobj, name, (char *) NULL);
> Tcl_SetObjResult(interp, resobj);
406,407c408,410
<     sprintf(temps,"vtk bad argument, type conversion failed for object %s.\nCould \
not type convert %s which is of type %s, to type %s.\n", name, name, i->result, \
result_type); <     Tcl_AppendResult(interp,temps,NULL);
---
> Tcl_Obj *resobj = Tcl_NewStringObj ("vtk bad argument, type conversion failed for \
> object ", -1); Tcl_AppendStringsToObj (resobj, name, "\nCould not type convert ", \
> name, " which is of type ", i->result, ", to type ", result_type, ".\n", (char *) \
> NULL); Tcl_SetObjResult(interp, resobj);


["vtkWrapTcl.c-diff" (text/plain)]

Index: vtkWrapTcl.c
===================================================================
RCS file: /cvsroot/VTK/VTK/Wrapping/vtkWrapTcl.c,v
retrieving revision 1.34.6.1
diff -r1.34.6.1 vtkWrapTcl.c
712c712
<   fprintf(fp,"    char temps2[256];\n    sprintf(temps2,\"Object named: %%s, could \
not find requested method: %%s\\nor the method was called with incorrect \
arguments.\\n\",argv[0],argv[1]);\n    Tcl_AppendResult(interp,temps2,NULL);\n    \
                }\n");
---
> fprintf(fp,"    Tcl_Obj *resobj;\n    resobj = Tcl_NewStringObj(\"Object named: \", \
> -1);\n    Tcl_AppendStringsToObj(resobj, argv[0], \" could not find requested \
> method: \", argv[1],  \"\\nor the method was called with incorrect arguments.\\n\", \
> (char *) NULL);\n    Tcl_SetObjResult(interp,resobj);\n    }\n");



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic