From ff964fb579513b840f04b31296945f85257fc838 Mon Sep 17 00:00:00 2001
From: "J.C. Jones"
Date: Sun, 21 Sep 2003 13:47:36 +0000
Subject: [PATCH] Note the possible buffer overflow in window_title
git-svn-id: svn+ssh://svn.code.sf.net/p/freeglut/code/trunk/freeglut/freeglut@198 7f0cb862-5218-0410-a997-914c9d46530a
---
 progs/demos/Fractals/fractals.c | 7 ++++++-
 progs/demos/Fractals_random/fractals_random.c | 5 +++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/progs/demos/Fractals/fractals.c b/progs/demos/Fractals/fractals.c
index 644b337..3749f16 100644
--- a/progs/demos/Fractals/fractals.c
+++ b/progs/demos/Fractals/fractals.c
@@ -206,7 +206,12 @@ void readConfigFile ( char *fnme )
 /* Read the window title */
 fgets ( inputline, 256, fptr ) ;
- sscanf ( inputline, "%[a-zA-Z0-9!@#$%^&*()+=/\\_-\" ]", window_title ) ;
+ /* We assume here that this line will not exceed 79 characters plus a
+ newline (window_title is 80 characters long). That'll cause a buffer
+ overflow. For a simple program like this, though, we're letting it
+ slide!
+ */
+ sscanf ( inputline, "%[a-zA-Z0-9!@#$%^&*()+=/\\_-\" ]", window_title ) ;
 /* Read a comment line */
 fgets ( inputline, 256, fptr ) ;
diff --git a/progs/demos/Fractals_random/fractals_random.c b/progs/demos/Fractals_random/fractals_random.c
index e401c70..b890e2c 100644
--- a/progs/demos/Fractals_random/fractals_random.c
+++ b/progs/demos/Fractals_random/fractals_random.c
@@ -188,6 +188,11 @@ void readConfigFile ( char *fnme )
 /* Read the window title */
 fgets ( inputline, 256, fptr ) ;
+ /* We assume here that this line will not exceed 79 characters plus a
+ newline (window_title is 80 characters long). That'll cause a buffer
+ overflow. For a simple program like this, though, we're letting it
+ slide!
+ */
 sscanf ( inputline, "%[a-zA-Z0-9!@#$%^&*()+=/\\_-\" ]", window_title ) ;
 /* Read a comment line */
--
1.7.10.4
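Review bot: The `sscanf` into `window_title` is still unbounded after this change: the new comment records the overflow but the `%[...]` conversion has no field width, so a title line in the config file with more than 79 matching characters (inputline holds up to 255) writes past the buffer that the comment says is 80 bytes. A width closes it without changing anything else: `sscanf ( inputline, "%79[a-zA-Z0-9!@#$%^&*()+=/\\_-\" ]", window_title ) ;`, after which the comment can simply say that longer titles are truncated. The identical call in progs/demos/Fractals_random/fractals_random.c needs the same width. The visible lines also ignore the return values of `fgets` and `sscanf`, so a missing or non-matching title line would leave `window_title` with whatever it held before; readConfigFile's body starts and ends outside both hunks, so that may be handled elsewhere.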