Coding - Dangerous use of 'cin' (#681)

- Replaced hardcoded buffer sizes with `constexpr size_t aBufferSize` constants - Added `width()` calls to input streams before reading to prevent buffer overflows - Applied consistent buffer size management across multiple input operations
2025-08-19 13:40:49 +03:00 · 2025-08-17 21:03:18 +01:00
parent 5c8756830f
commit 5c814b0f0f
3 changed files with 18 additions and 6 deletions
--- a/src/DataExchange/TKXSBase/IFSelect/IFSelect_Functions.cxx
+++ b/src/DataExchange/TKXSBase/IFSelect/IFSelect_Functions.cxx
@@ -3038,8 +3038,10 @@ Standard_Integer IFSelect_Functions::GiveEntityNumber(const Handle(IFSelect_Work
  Standard_Integer num = 0;
  if (!name || name[0] == '\0')
  {
-    char ligne[80];
+    constexpr size_t aBufferSize = 80;
+    char             ligne[aBufferSize];
    ligne[0] = '\0';
+    std::cin.width(aBufferSize);
    std::cin >> ligne;
    //    std::cin.clear();  std::cin.getline (ligne,79);
    if (ligne[0] == '\0')
--- a/src/Draw/TKTopTest/GeometryTest/GeometryTest_ConstraintCommands.cxx
+++ b/src/Draw/TKTopTest/GeometryTest/GeometryTest_ConstraintCommands.cxx
@@ -554,7 +554,9 @@ static Standard_Integer interpol(Draw_Interpretor& di, Standard_Integer n, const
    Standard_Integer nbp, i;
    Standard_Real    x, y, z;
    iFile >> nbp;
-    char dimen[3];
+    constexpr size_t aBufferSize = 3;
+    char             dimen[aBufferSize];
+    iFile.width(aBufferSize);
    iFile >> dimen;
    if (!strcmp(dimen, "3d"))
    {
--- a/src/Draw/TKXSDRAWIGES/XSDRAWIGES/XSDRAWIGES.cxx
+++ b/src/Draw/TKXSDRAWIGES/XSDRAWIGES/XSDRAWIGES.cxx
@@ -91,8 +91,10 @@ static Standard_Integer GiveEntityNumber(const Handle(XSControl_WorkSession)& WS
  Standard_Integer num = 0;
  if (!name || name[0] == '\0')
  {
-    char ligne[80];
+    constexpr size_t aBufferSize = 80;
+    char             ligne[aBufferSize];
    ligne[0] = '\0';
+    std::cin.width(aBufferSize);
    std::cin >> ligne;
    //    std::cin.clear();  std::cin.getline (ligne,79);
    if (ligne[0] == '\0')
@@ -221,7 +223,9 @@ static Standard_Integer igesbrep(Draw_Interpretor& theDI,
      modepri = -1;

      // amv 26.09.2003 : this is used to avoid error of enter's symbol
-      char str[80];
+      constexpr size_t aBufferSize = 80;
+      char             str[aBufferSize];
+      std::cin.width(aBufferSize);
      std::cin >> str;
      modepri = Draw::Atoi(str);
    }
@@ -267,7 +271,9 @@ static Standard_Integer igesbrep(Draw_Interpretor& theDI,
                  << std::flush;
        answer = -1;
        // amv 26.09.2003
-        char str_a[80];
+        constexpr size_t aBufferSize = 80;
+        char             str_a[aBufferSize];
+        std::cin.width(aBufferSize);
        std::cin >> str_a;
        answer = Draw::Atoi(str_a);
      }
@@ -454,7 +460,9 @@ static Standard_Integer igesbrep(Draw_Interpretor& theDI,
                    << std::flush;
          answer = -1;
          // anv 26.09.2003
-          char str_answer[80];
+          constexpr size_t aBufferSize = 80;
+          char             str_answer[aBufferSize];
+          std::cin.width(aBufferSize);
          std::cin >> str_answer;
          answer = Draw::Atoi(str_answer);
        }