On Fri, Jun 26, 2015 at 3:54 PM, Sören Gebbert <[email protected]> wrote:
> >> May I suggest a patch to solve this issue?
> >
> > Sure!
>
> OK, I will commit the patch.
>
> > I'm not sure if I can judge the patch. However, sprintf is used a lot in
> > GRASS, so I'm not sure if we can just replace it with another function
> > without understanding what the issue is (at least I don't understand).
>
> All sprintf calls in GRASS should be replaced by G_snprintf() because
> sprintf is by design unsafe and the cause of many buffer overflows
> and eventually exploits. sprintf does not check the size of the target
> buffer, but G_snprintf does (if used correctly).
>
> > As for the magic number there, there is G_PATH_MAX or something; perhaps
> > that would be more appropriate.
>
> Yes, it would.

When I said "G_PATH_MAX or something" I meant that you should check me, not
commit without even compiling the code :-)

Fixed in r65525 after compilation and tests*.

Vaclav

* although there are no tests testing colr2

https://trac.osgeo.org/grass/changeset/65524
https://trac.osgeo.org/grass/changeset/65525
_______________________________________________ grass-dev mailing list [email protected] http://lists.osgeo.org/mailman/listinfo/grass-dev
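The exchange above turns on one point: sprintf writes as many bytes as the formatted string needs, with no idea how large the destination is, while a bounded snprintf stops at the buffer size and reports what it would have written. The following is an added illustration, not code from GRASS or from this thread. It builds a colr2-style path the way the message describes, first with sprintf and then with the C99 snprintf as a stand-in for G_snprintf() (which is a GRASS identifier not available here); the buffer limit PATH_BUF_MAX is a deliberately small assumed constant so that truncation is easy to trigger, in place of the real G_PATH_MAX. The "if used correctly" caveat from the thread is what the return-value check implements: passing the true buffer size and refusing a truncated path.

```c
/* Added example (not GRASS code): why sprintf into a fixed buffer is unsafe
 * and how a bounded snprintf plus a return-value check fixes it.
 * G_snprintf() and G_PATH_MAX are GRASS identifiers not available here; the
 * standard C99 snprintf() and a hypothetical PATH_BUF_MAX stand in for them. */
#include <stdio.h>
#include <string.h>

#define PATH_BUF_MAX 64 /* assumed, small on purpose so truncation shows */

/* The pattern the thread objects to: sprintf writes however many bytes the
 * formatted string needs and knows nothing about the destination size. If
 * mapset + name do not fit in 'dst', the extra bytes land past its end
 * (a stack or heap overflow). Kept only for comparison on in-bounds input;
 * never call it with untrusted or unchecked input. */
static void build_colr_path_unsafe(char *dst, const char *mapset, const char *name)
{
    sprintf(dst, "%s/colr2/%s", mapset, name);
}

/* Hardened form: snprintf never writes more than dstsz bytes (including the
 * terminating NUL) and returns the length the complete string would have
 * had. A result >= dstsz means the output was cut off, which for a file
 * path is an error to report, not something to use silently.
 * Returns 0 on success, -1 on truncation or encoding error. */
static int build_colr_path(char *dst, size_t dstsz, const char *mapset, const char *name)
{
    int n = snprintf(dst, dstsz, "%s/colr2/%s", mapset, name);
    if (n < 0 || (size_t)n >= dstsz) {
        if (dstsz > 0)
            dst[0] = '\0'; /* do not hand back a half-built path */
        return -1;
    }
    return 0;
}

/* Same check against the assumed fixed-size buffer convention; returns the
 * result of build_colr_path so callers can tell "fits" from "too long". */
static int path_fits(const char *mapset, const char *name)
{
    char buf[PATH_BUF_MAX];
    return build_colr_path(buf, sizeof buf, mapset, name);
}

int main(void)
{
    char buf[PATH_BUF_MAX];
    char unsafe_buf[PATH_BUF_MAX];
    const char *mapset = "PERMANENT"; /* constructed sample input */
    const char *name = "elevation";
    char longname[PATH_BUF_MAX + 16];

    /* Both variants agree while the input fits the buffer. */
    build_colr_path_unsafe(unsafe_buf, mapset, name);
    if (build_colr_path(buf, sizeof buf, mapset, name) == 0)
        printf("ok:        %s (same as sprintf: %s)\n", buf,
               strcmp(buf, unsafe_buf) == 0 ? "yes" : "no");

    /* A name longer than the buffer: snprintf reports truncation and the
     * caller can refuse it; the sprintf variant would have written past
     * the end of unsafe_buf with the same input. */
    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';
    if (build_colr_path(buf, sizeof buf, mapset, longname) != 0)
        printf("truncated: refusing path for a %zu-byte name\n", strlen(longname));
    return 0;
}
```

Two details matter for the "if used correctly" clause: the size argument must be the real capacity of the destination (sizeof of a local array, or the length passed alongside a heap pointer), never strlen of its current contents; and the return value has to be compared against that size, because a truncated path that is silently used can point at a different file than intended.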
