Patch applied and committed to the SVN.

Thanks,
Scuri


On Sat, 4 Sep 2021 at 21:15, sur-behoffski <sur_behoff...@grouse.com.au> wrote:

> G'day,
>
> I've decided to focus exclusively on fixing "undefined behaviour" --
> specifically, potential buffer overflows -- found by GCC 10.3, in IM, CD
> and IUP.  I'm using only the "-Wformat-overflow=" warnings.
>
> I found no cases in IM-r820, so am now looking at CD-r897.
>
> Typically, in a reasonable program, the boundaries would not be pushed...
> but I'm trying to close off all such loopholes, as a defect in one area
> may invalidate assumptions in another area.  Therefore, these changes
> can limit collateral damage. Such damage could otherwise potentially
> open up space for malware/hackers.
>
> I'm trying VERY hard to make the changes as non-intrusive as possible.
>
> This first case, and, I suspect most cases, will be using "snprintf(3)"
> instead of "sprintf(3)" or perhaps "strcat(3)".
>
> The patch can increase the cases where the function returns a NULL
> pointer (if snprintf returns -1, or if it signals that a buffer overflow
> has been thwarted).
>
> In addition, copying canvas->native_font to private static buffer
> native_font is deferred until after the CD_QUERY case.  Apart from any
> third-party timing/race conditions, the earlier copy is pointless in the
> CD_QUERY case, as the buffer is overwritten in order to return the query
> (this behaviour is true of both the original and the modified code).
>
> An SVN patch is attached.
>
> ----------------
>
> The GCC warning:
>
> <DIRECTIVE> directive writing 1 byte into a region of size between 0 and
> <BYTECOUNT> [-Wformat-overflow=]:
>     cd_text.c:310:[Function:cdCanvasNativeFont]:   ' '  1023
>
> ----------------
>
> Current (cd-r897) partial function listing, cdCanvasNativeFont():
>
> char* cdCanvasNativeFont(cdCanvas* canvas, const char* font)
> {
>   static char native_font[1024] = "";
>
>   assert(canvas);
>   if (!_cdCheckCanvas(canvas)) return NULL;
>
>   strcpy(native_font, canvas->native_font);
>
>   if (font == (char*)CD_QUERY)
>   {
>     char style[200] = " ";
>     if (canvas->font_style&CD_BOLD)
>       strcat(style, "Bold ");
>     if (canvas->font_style&CD_ITALIC)
>       strcat(style, "Italic ");
>     if (canvas->font_style&CD_UNDERLINE)
>       strcat(style, "Underline ");
>     if (canvas->font_style&CD_STRIKEOUT)
>       strcat(style, "Strikeout ");
>
>     sprintf(native_font, "%s,%s %d", canvas->font_type_face, style, canvas->font_size);
>     return native_font;
>   }
>
>   /* [...] remainder elided (not changed) */
>
> ----------------
>
> Proposed, cdCanvasNativeFont():
>
> char* cdCanvasNativeFont(cdCanvas* canvas, const char* font)
> {
>   static char native_font[1024] = "";
>
>   assert(canvas);
>   if (!_cdCheckCanvas(canvas)) return NULL;
>
>   if (font == (char*)CD_QUERY)
>   {
>     int result;
>
>     result = snprintf(native_font, sizeof(native_font),
>                       "%s,%s%s%s%s %d",
>                       canvas->font_type_face,
>                       (canvas->font_style&CD_BOLD)      ? " Bold"      : "",
>                       (canvas->font_style&CD_ITALIC)    ? " Italic"    : "",
>                       (canvas->font_style&CD_UNDERLINE) ? " Underline" : "",
>                       (canvas->font_style&CD_STRIKEOUT) ? " Strikeout" : "",
>                       canvas->font_size);
>     if ((result < 0) || (result >= sizeof(native_font)))
>       return NULL;
>     return native_font;
>   }
>
>   strcpy(native_font, canvas->native_font);
>
>   /* [...] remainder elided (not changed) */
>
> ----------------
>
> _______________________________________________
> Iup-users mailing list
> Iup-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/iup-users
>
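As an added illustration (not part of the patch or of the CD sources), the same snprintf return-value check from the proposed CD_QUERY branch pulled into a stand-alone C function over a constructed stand-in for the canvas fields, and exercised with a face name longer than the 1024-byte buffer; the font_canvas struct and the CD_* style bit values below are assumptions, not CD's real definitions.

```c
#include <stdio.h>
#include <string.h>
/* Constructed stand-in for the canvas fields read by CD_QUERY; the style bit
 * values are assumed here, not taken from cd.h. */
#define CD_BOLD      1
#define CD_ITALIC    2
#define CD_UNDERLINE 4
#define CD_STRIKEOUT 8

typedef struct {
    const char *font_type_face;
    int font_style;
    int font_size;
} font_canvas;

/* Bounded equivalent of the patched CD_QUERY branch: returns out, or NULL when
 * snprintf reports an error (n < 0) or the string did not fit (n >= out_len). */
const char *format_native_font(const font_canvas *c, char *out, size_t out_len)
{
    int n = snprintf(out, out_len, "%s,%s%s%s%s %d",
                     c->font_type_face,
                     (c->font_style & CD_BOLD)      ? " Bold"      : "",
                     (c->font_style & CD_ITALIC)    ? " Italic"    : "",
                     (c->font_style & CD_UNDERLINE) ? " Underline" : "",
                     (c->font_style & CD_STRIKEOUT) ? " Strikeout" : "",
                     c->font_size);
    if (n < 0 || (size_t)n >= out_len)
        return NULL;   /* out may hold a truncated copy; caller must not use it */
    return out;
}

/* 1 if the query string for (face, style, size) fits in out_len bytes
 * (capped at 1024, the size of CD's static buffer), else 0. */
int query_fits(const char *face, int style, int size, size_t out_len)
{
    char buf[1024];
    font_canvas c = { face, style, size };
    if (out_len > sizeof(buf)) out_len = sizeof(buf);
    return format_native_font(&c, buf, out_len) != NULL;
}

/* A constructed 1500-byte face name: sprintf would have run past the
 * 1024-byte buffer; the bounded version returns NULL instead. */
int long_face_is_rejected(void)
{
    char face[1500];
    memset(face, 'A', sizeof(face) - 1);
    face[sizeof(face) - 1] = '\0';
    return query_fits(face, CD_BOLD, 12, 1024) == 0;
}
```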