[bug #60964] [hpftodit] potential overrun of static buffer
From: G. Branden Robinson
Subject: [bug #60964] [hpftodit] potential overrun of static buffer
Date: Mon, 26 Jul 2021 20:40:00 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0

Update of bug #60964 (project groff):
Status: In Progress => Fixed
Open/Closed: Open => Closed
Planned Release: None => 1.23.0
_______________________________________________________
Follow-up Comment #2:
commit 78220681c403a6edc4644e8919e57a2d26d13f0e
Author: G. Branden Robinson <g.branden.robinson@gmail.com>
Date: Sun Jul 25 21:08:54 2021 +1000

[hpftodit]: Fix Savannah #60964.

* src/utils/hpftodit/hpftodit.cpp (show_symset): Prevent sprintf() from
overrunning a static buffer. Thanks to Bjarni Ingi Gislason for the
report. Resize buffer to be large enough to accommodate a 64-bit
unsigned int type formatted as decimal. Also add assert() before the
sprintf() to abort if the int type is even larger than that. Use "%u"
conversion instead of "%d" since the quantity is unsigned.
(hp_msl_to_ucode_name): Similar, but for a signed int.
(unicode_to_ucode_name): Similar, but for a signed int formatted as
(unsigned) hexadecimal.

Fixes <https://savannah.gnu.org/bugs/?60964>.

Why not use a static assert for checking the width of a primitive data
type? Because static assertions are a C++11 feature that did not exist
yet in the ca. 1990 dialect of C++ that groff uses.

Also add editor aid comments and migrate from old- to new-style Emacs
file-local variables.
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?60964>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
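
The buffer-sizing pattern the commit message describes, as an added example that is not groff's code: static buffers sized for the 64-bit worst case, a runtime assert() on the type width before each sprintf(), and conversions that match signedness. All function and constant names are hypothetical, and max_dec_digits() goes slightly beyond the commit by giving the decimal digit bound for any bit width.

```cpp
// Added example, not groff source; all names here are hypothetical.
#include <assert.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

// Worst-case text lengths for a 64-bit integer, each including the NUL:
//   unsigned decimal  18446744073709551615  -> 20 digits + 1
//   signed decimal   -9223372036854775808   -> sign + 19 digits + 1
//   hexadecimal       FFFFFFFFFFFFFFFF      -> 16 digits + 1
enum { U64_DEC_BUFSZ = 21, I64_DEC_BUFSZ = 21, X64_HEX_BUFSZ = 17 };

// Upper bound on decimal digits of an unsigned value `bits` wide:
// floor(bits * log10(2)) + 1, with log10(2) approximated as 0.30103.
unsigned max_dec_digits(unsigned bits)
{
  return bits * 30103u / 100000u + 1;
}

const char *fmt_unsigned(unsigned int n)
{
  static char buf[U64_DEC_BUFSZ];
  // Runtime stand-in for a static assertion: abort rather than overrun
  // if unsigned int is ever wider than the buffer was sized for.
  assert(sizeof n * CHAR_BIT <= 64);
  sprintf(buf, "%u", n);  // "%u", not "%d": the value is unsigned
  return buf;
}

const char *fmt_signed(int n)
{
  static char buf[I64_DEC_BUFSZ];
  assert(sizeof n * CHAR_BIT <= 64);
  sprintf(buf, "%d", n);
  return buf;
}

const char *fmt_hex(int n)
{
  static char buf[X64_HEX_BUFSZ];
  assert(sizeof n * CHAR_BIT <= 64);
  sprintf(buf, "%X", (unsigned int) n);  // signed value shown as unsigned hex
  return buf;
}

int main()
{
  printf("%s %s %s\n", fmt_unsigned(UINT_MAX), fmt_signed(INT_MIN), fmt_hex(-1));
  return 0;
}
```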