Fix unsafe string operations (sprintf, memcpy, strcpy) #1712
Closed
hobostay wants to merge 1 commit into solvespace:master from
Replace unsafe sprintf with snprintf in textwin.cpp to prevent potential buffer overflows. Replace unsafe memcpy with properly bounds-checked strncpy. Replace sprintf with snprintf in textscreens.cpp. Remove unnecessary strcpy in export.cpp. These changes improve code security by using modern, safer alternatives to traditional C string functions that are prone to buffer overflow vulnerabilities. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Member
Thank you. But no. For details why not see here #1361 - this has been submitted in the past.
Summary
This PR fixes potential buffer overflow vulnerabilities by replacing unsafe C string functions with safer alternatives:
Changes
src/textwin.cpp:
sprintf with snprintf to prevent buffer overflows
memcpy with properly bounds-checked strncpy for string copying
sprintf in character handling
src/textscreens.cpp:
sprintf with snprintf with explicit buffer size
src/export.cpp:
strcpy by using direct initialization
Security Impact
These changes address potential buffer overflow vulnerabilities that could be triggered by specially crafted input or very large numerical values. Using snprintf and strncpy with explicit buffer sizes ensures that writes are bounded by the buffer size.
Testing
The changes are minimal and preserve the original functionality while adding safety bounds. The modified code handles:
🤖 Generated with Claude Code
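The bounded-write behaviour the description above relies on, shown as an added example that is not code from this pull request or from SolveSpace. FormatValue and CopyLabel are hypothetical helpers, and the buffer sizes and inputs are constructed; the example covers two things a reviewer checks in such a change: snprintf reports truncation only through its return value, and strncpy does not terminate the destination when the source fills it.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Hypothetical helpers for illustration; not SolveSpace functions.

// Formats v into dst. Returns true only if the whole result fit.
// snprintf writes at most cap bytes and NUL-terminates when cap > 0, but it
// returns the length it wanted to write, so truncation must be detected by
// comparing that value against cap.
bool FormatValue(char *dst, size_t cap, double v) {
    if(dst == nullptr || cap == 0) return false;
    int n = snprintf(dst, cap, "%.3f", v);
    return n >= 0 && static_cast<size_t>(n) < cap;
}

// Copies src into dst with strncpy. The write is bounded, but strncpy leaves
// dst unterminated when strlen(src) >= the count passed, so copy cap - 1
// bytes and terminate explicitly. Returns true only if nothing was cut off.
bool CopyLabel(char *dst, size_t cap, const char *src) {
    if(dst == nullptr || src == nullptr || cap == 0) return false;
    strncpy(dst, src, cap - 1);
    dst[cap - 1] = '\0';
    return strlen(src) < cap;
}

int main() {
    char num[8];
    // Constructed input: 1e300 needs 305 characters with "%.3f".
    bool fit = FormatValue(num, sizeof(num), 1e300);
    printf("fit=%d stored=\"%s\"\n", fit, num);

    char label[4];
    // Constructed input: longer than the destination.
    bool whole = CopyLabel(label, sizeof(label), "origin");
    printf("whole=%d stored=\"%s\"\n", whole, label);
    return 0;
}
```

A bounded call that silently truncates still changes what the program displays or exports, so callers need to act on the returned flag rather than assume the buffer holds the full value.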