
List:       gimp-developer
Subject:    [Gimp-developer] scanfs without field width limits making Gimp crash
From:       "Nelson A. de Oliveira" <naoliv () gmail ! com>
Date:       2011-01-22 7:04:23
Message-ID: AANLkTimHw=cCvE0TGmdCjnQ=JFporoiRGKHL9Dj57uB1 () mail ! gmail ! com

Hi!

While testing gimp with cppcheck I saw a lot of warnings caused by the
usage of scanf and fscanf without specifying a width limit.

One example:

=========
[./app/gegl/gimpcurvesconfig.c:392]: (warning) scanf without field
width limits can crash with huge input data. To fix this error message
add a field width specifier:
    %s => %20s
    %i => %3i

Sample program that can crash:

#include <stdio.h>
int main()
{
    int a;
    scanf("%i", &a);
    return 0;
}

To make it crash:
perl -e 'print "5"x2100000' | ./a.out
=========

Indeed, it's possible to make gimp crash by using a curve file with
such a big value; you can test by trying to import
http://people.debian.org/~naoliv/misc/gimp/curve.cur

A full list of fscanf/scanf warnings is available at
http://people.debian.org/~naoliv/misc/gimp/scanf.txt

Thank you!

Best regards,
Nelson
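
The width-limit fix that the cppcheck warning suggests, as an added example that is not part of the original message and is not GIMP code: a width-limited conversion bounds how much each field consumes, and the delimiter check rejects an over-long digit run instead of silently splitting it into several values. The names parse_ints_bounded and MAX_VALUES are hypothetical, and an int of at least 32 bits is assumed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_VALUES 4   /* constructed limit for this example */

/* Parse up to `max` whitespace-separated decimal integers from `line`.
 * Returns the count parsed, or -1 if a token is not a number or is longer
 * than the 9-character field width (9 digits always fit a 32-bit int). */
int parse_ints_bounded(const char *line, int *vals, int max)
{
    int n = 0;

    while (n < max) {
        int v, used = 0;
        int rc = sscanf(line, "%9d%n", &v, &used);

        if (rc == EOF)
            break;                 /* nothing but whitespace left */
        if (rc != 1)
            return -1;             /* matching failure: not a number */
        line += used;
        /* A width limit alone would split "5555555555" into two values;
         * require a delimiter so an over-long token is rejected instead. */
        if (*line != '\0' && !isspace((unsigned char)*line))
            return -1;
        vals[n++] = v;
    }
    return n;
}

int main(void)
{
    char line[128];                /* bounded read, then bounded parse */
    int vals[MAX_VALUES];

    while (fgets(line, sizeof line, stdin)) {
        int n;
        if (!strchr(line, '\n') && !feof(stdin)) {
            fputs("rejected: line too long\n", stderr);
            return 1;
        }
        n = parse_ints_bounded(line, vals, MAX_VALUES);
        if (n < 0) {
            fputs("rejected: bad or over-long number\n", stderr);
            return 1;
        }
        printf("parsed %d value(s)\n", n);
    }
    return 0;
}
```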