Hi!
While testing gimp with cppcheck I saw a lot of warnings caused by the
usage of scanf and fscanf without specifying a width limit.
One example:
=========
[./app/gegl/gimpcurvesconfig.c:392]: (warning) scanf without field
width limits can crash with huge input data. To fix this error message
add a field width specifier:
%s => %20s
%i => %3i
Sample program that can crash:
    #include <stdio.h>
    int main()
    {
        int a;
        scanf("%i", &a);
        return 0;
    }
To make it crash:
perl -e 'print "5"x2100000' | ./a.out
=========
Indeed it's possible to make gimp crash by using a curve file with
such a big value; you can test by trying to import
http://people.debian.org/~naoliv/misc/gimp/curve.cur
A full list of fscanf/scanf warnings is available at
http://people.debian.org/~naoliv/misc/gimp/scanf.txt
Thank you!
Best regards,
Nelson
_______________________________________________
Gimp-developer mailing list
https://lists.XCF.Berkeley.EDU/mailman/listinfo/gimp-developer
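
One way to remove the unbounded conversion that cppcheck flags above, as an added example (not part of the original message and not GIMP code): read each line into a fixed buffer with fgets(), then parse its fields with a length cap and strtol(). The function name parse_int_fields, the 15-character field cap and the -1..255 value range are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_FIELD 15 /* assumed cap on one numeric field, in characters */

/* Parse whitespace-separated integers from a NUL-terminated buffer.
 * Returns the number of values stored, or -1 if any field is overlong,
 * malformed or outside [lo, hi], or if there are more than max fields. */
int parse_int_fields(const char *p, long lo, long hi, long *vals, int max)
{
    char tok[MAX_FIELD + 1], *end;
    int count = 0;
    for (;;) {
        size_t n = 0;
        long v;
        while (isspace((unsigned char)*p))
            p++;
        if (*p == '\0')
            return count;
        while (p[n] != '\0' && !isspace((unsigned char)p[n]))
            if (++n > MAX_FIELD)
                return -1; /* overlong field: rejected before any copy */
        memcpy(tok, p, n);
        tok[n] = '\0';
        errno = 0;
        v = strtol(tok, &end, 10);
        if (errno == ERANGE || *end != '\0' || v < lo || v > hi || count == max)
            return -1;
        vals[count++] = v;
        p += n;
    }
}

int main(void)
{
    long v[4];
    size_t len = 2100000; /* same length as the input in the report above */
    char *huge = calloc(len + 1, 1);
    if (huge == NULL)
        return 1;
    memset(huge, '5', len);
    /* Constructed inputs; the -1..255 range is an assumption. */
    printf("valid: %d\n", parse_int_fields("0 0 -1 255\n", -1, 255, v, 4));
    printf("huge:  %d\n", parse_int_fields(huge, -1, 255, v, 4));
    free(huge);
    return 0;
}
```

The huge field is rejected after inspecting MAX_FIELD + 1 characters, so parsing cost and stack use stay constant regardless of how long the attacker-supplied number is.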