Note the possible buffer overflow in window_title

git-svn-id: svn+ssh://svn.code.sf.net/p/freeglut/code/trunk/freeglut/freeglut@198 7f0cb862-5218-0410-a997-914c9d46530a

diff --git a/progs/demos/Fractals/fractals.c b/progs/demos/Fractals/fractals.c
index 644b337..3749f16 100644 (file)
--- a/progs/demos/Fractals/fractals.c
+++ b/progs/demos/Fractals/fractals.c
@@ -206,7 +206,12 @@ void readConfigFile ( char *fnme )
 
   /* Read the window title */
   fgets ( inputline, 256, fptr ) ;
-  sscanf ( inputline, "%[a-zA-Z0-9!@#$%^&*()+=/\\_-\" ]", window_title ) ;
+  /* We assume here that this line will not exceed 79 characters plus a 
+     newline (window_title is 80 characters long). That'll cause a buffer 
+     overflow. For a simple program like  this, though, we're letting it 
+     slide! 
+  */
+  sscanf ( inputline, "%[a-zA-Z0-9!@#$%^&*()+=/\\_-\" ]", window_title ) ; 
 
   /* Read a comment line */
   fgets ( inputline, 256, fptr ) ;

diff --git a/progs/demos/Fractals_random/fractals_random.c b/progs/demos/Fractals_random/fractals_random.c
index e401c70..b890e2c 100644 (file)
--- a/progs/demos/Fractals_random/fractals_random.c
+++ b/progs/demos/Fractals_random/fractals_random.c
@@ -188,6 +188,11 @@ void readConfigFile ( char *fnme )
 
   /* Read the window title */
   fgets ( inputline, 256, fptr ) ;
+  /* We assume here that this line will not exceed 79 characters plus a 
+     newline (window_title is 80 characters long). That'll cause a buffer 
+     overflow. For a simple program like  this, though, we're letting it 
+     slide! 
+  */
   sscanf ( inputline, "%[a-zA-Z0-9!@#$%^&*()+=/\\_-\" ]", window_title ) ;
 
   /* Read a comment line */