scanfs without field width limits making Gimp crash

Hi!

While testing gimp with cppcheck I saw a lot of warnings caused by the
usage of scanf and fscanf without specifying a width limit.

One example:

=========
[./app/gegl/gimpcurvesconfig.c:392]: (warning) scanf without field
width limits can crash with huge input data. To fix this error message
add a field width specifier:
    %s => %20s
    %i => %3i

Sample program that can crash:

#include <stdio.h>
int main()
{
    int a;
    scanf("%i", &a);
    return 0;
}

To make it crash:
perl -e 'print "5"x2100000' | ./a.out
=========

Indeed it's possible to make gimp crash by using a curve file with
such a big value; you can test by trying to import
http://people.debian.org/~naoliv/misc/gimp/curve.cur

A full list of fscanf/scanf warnings is available at
http://people.debian.org/~naoliv/misc/gimp/scanf.txt

Thank you!

Best regards,
Nelson
_______________________________________________
Gimp-developer mailing list
Gimp-developer@xxxxxxxxxxxxxxxxxxxxxx
https://lists.XCF.Berkeley.EDU/mailman/listinfo/gimp-developer
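
An added example (not part of the original message, and not GIMP's code) of the fix the cppcheck warning asks for: read each token with a field width, then reject tokens that were cut off at the width instead of silently splitting them. The function names, the 15-character limit and the 0..255 value range are assumptions made for the illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Read one whitespace-delimited integer in [lo, hi] from f.
 * Returns 1 on success, 0 on clean EOF, -1 on malformed, overlong or out-of-range input. */
int read_int_bounded(FILE *f, long lo, long hi, long *out)
{
    char tok[16], *end;           /* 15 characters + NUL, matches %15s below */
    long v;
    int c, n;
    n = fscanf(f, "%15s", tok);   /* field width: at most 15 characters are consumed */
    if (n == EOF) return 0;
    if (n != 1) return -1;
    /* A token cut off at the width limit is followed by a non-space byte. */
    c = fgetc(f);
    if (c != EOF && !isspace((unsigned char)c)) return -1;
    if (c != EOF) ungetc(c, f);
    errno = 0;
    v = strtol(tok, &end, 10);
    if (end == tok || *end != '\0' || errno == ERANGE) return -1;
    if (v < lo || v > hi) return -1;
    *out = v;
    return 1;
}

/* Parse up to max values in 0..255 from text (range is an assumption for this example).
 * Returns the number of values read, or -1 if any token is rejected. */
int parse_values(const char *text, long *vals, int max)
{
    FILE *f = tmpfile();
    int count = 0, r = 0;
    if (!f) return -1;
    fputs(text, f);
    rewind(f);
    while (count < max && (r = read_int_bounded(f, 0, 255, &vals[count])) == 1)
        count++;
    fclose(f);
    return r < 0 ? -1 : count;
}

int main(void)
{
    static char big[100001];      /* constructed input: 100000 '5' digits */
    long v[8];
    memset(big, '5', sizeof big - 1);
    printf("%d %d\n", parse_values("0 64 255", v, 8), parse_values(big, v, 8));
    return 0;
}
```

A bare `%3i` would also avoid the unbounded read, but it would turn one overlong number into several short ones; checking the byte after the token makes the parser fail closed instead.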

