mirror of https://git.dev.opencascade.org/repos/occt.git synced 2025-08-04 13:13:25 +03:00

0023843: scanf without field width limits can crash with huge input data.

Corrected width specifiers and use of buffer arrays in *printf and *scanf functions.
Removed unreferenced variable warning.
Got rid of compiler warning (returning address of local variable or temporary).
omy
2013-04-26 15:29:28 +04:00
parent 3af9db62e0
commit d0e4e57891
8 changed files with 82 additions and 86 deletions


@@ -25,8 +25,7 @@
#include <OSD_Path.hxx>
#include <stdio.h>
static char defmess[30];
static char defmess[31];
// Fonctions Satisfies offertes en standard ...
@@ -243,18 +242,18 @@ Standard_CString Interface_Static::CDef
}
if (part[0] == 'e') {
Standard_Integer nume = 0;
sscanf (part,"%s %d",defmess,&nume);
sscanf (part,"%30s %d",defmess,&nume);
return stat->EnumVal(nume);
}
if (part[0] == 'i') {
Standard_Integer ilim;
if (!stat->IntegerLimit((part[2] == 'a'),ilim)) return "";
Sprintf(defmess,"%d",ilim); return defmess;
Sprintf(defmess,"%d",ilim); return defmess;
}
if (part[0] == 'r') {
Standard_Real rlim;
if (!stat->RealLimit((part[2] == 'a'),rlim)) return "";
Sprintf(defmess,"%f",rlim); return defmess;
Sprintf(defmess,"%f",rlim); return defmess;
}
if (part[0] == 'u') return stat->UnitDef();
return "";
@@ -280,7 +279,7 @@ Standard_Integer Interface_Static::IDef
if (part[1] == 'm') return (match ? 1 : 0);
if (part[1] == 'v') {
char vale[50];
sscanf (part,"%s %s",defmess,vale);
sscanf (part,"%30s %50s",defmess,vale);
return stat->EnumCase (vale);
}
}
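Review bot: The new `sscanf (part,"%30s %50s",defmess,vale);` in the IDef hunk can still write one byte past `vale`, because a `%50s` conversion stores up to 50 characters plus the terminating NUL and `vale` is declared `char vale[50]`. The width should be one less than the array size, `sscanf (part,"%30s %49s",defmess,vale);`, or `vale` should grow to 51 the way `defmess` appears to have gone from 30 to 31. In the CDef hunk the `Sprintf(defmess,"%f",rlim)` call is also unbounded, and `%f` of a large real limit can need far more than 31 bytes; a size-bounded call such as `snprintf(defmess, sizeof(defmess), "%f", rlim)` would close that, provided nothing else in the Sprintf wrapper is relied on. Neither sscanf call checks its return value, and both function bodies start and end outside the hunks shown.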