groff-commit

[groff] 06/11: [grn]: Fix infinite loop on bad input.


From: G. Branden Robinson
Subject: [groff] 06/11: [grn]: Fix infinite loop on bad input.
Date: Mon, 16 Aug 2021 00:01:45 -0400 (EDT)

gbranden pushed a commit to branch master
in repository groff.

commit 50216a235cd8214b9565ef0c0049fc4ed549650e
Author: G. Branden Robinson <g.branden.robinson@gmail.com>
AuthorDate: Mon Aug 16 03:31:08 2021 +1000

    [grn]: Fix infinite loop on bad input.
    
    * src/preproc/grn/hdb.cpp (DBRead): Check return value of `sscanf()` and
      call `fatal()` if no conversions succeeded.  The blithe discard of a
      useful return value is bad enough, but this one took place inside a
      do-while such that it could loop forever trying fruitlessly to parse
      two doubles out of strings that didn't contain them (the loop never
      checked the EOF status of the file stream from which it was reading,
      and relied on `fgets()` to keep advancing the stream pointer).
      Discovered while root-causing Savannah #61043.
---
 ChangeLog               | 12 ++++++++++++
 src/preproc/grn/hdb.cpp |  6 +++++-
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 6b5c245..7bdee9a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2021-08-16  G. Branden Robinson <g.branden.robinson@gmail.com>
+
+       * src/preproc/grn/hdb.cpp (DBRead): Check return value of
+       `sscanf()` and call `fatal()` if no conversions succeeded.  The
+       blithe discard of a useful return value is bad enough, but this
+       one took place inside a do-while such that it could loop
+       forever trying fruitlessly to parse two doubles out of strings
+       that didn't contain them (the loop never checked the EOF status
+       of the file stream from which it was reading, and relied on
+       `fgets()` to keep advancing the stream pointer).  Discovered
+       while root-causing Savannah #61043.
+
 2021-08-15  G. Branden Robinson <g.branden.robinson@gmail.com>
 
        Resolve compiler warnings relating to format string security and
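Review bot: the entry says DBRead now calls `fatal()` when no conversions succeed, but the hdb.cpp hunk in this same commit calls `error()` and then does `return(elist)`, a non-fatal path that abandons the current picture instead of terminating the program. Either this ChangeLog entry (and the commit message it mirrors) should say `error()` and describe the early return, or the code should call `fatal()` as documented here.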
diff --git a/src/preproc/grn/hdb.cpp b/src/preproc/grn/hdb.cpp
index c61e099..0310d7a 100644
--- a/src/preproc/grn/hdb.cpp
+++ b/src/preproc/grn/hdb.cpp
@@ -148,7 +148,11 @@ DBRead(register FILE *file)
          if (string[0] == '*') {       /* SUN gremlin file */
            lastpoint = TRUE;
          } else {
-           (void) sscanf(string, "%lf%lf", &x, &y);
+           if (!sscanf(string, "%lf%lf", &x, &y)) {
+             error("expected coordinate pair, got '%1';"
+                   " giving up on this picture", string);
+             return(elist);
+           }
            if ((x == -1.00 && y == -1.00) && (!SUNFILE))
              lastpoint = TRUE;
            else {
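Review bot: the guard `if (!sscanf(string, "%lf%lf", &x, &y))` only trips on a return value of exactly 0, so two failure modes still fall through to the `x == -1.00 && y == -1.00` test with stale or uninitialised values: `sscanf()` returns EOF (a negative value, which is truthy here) when input ends before the first conversion, as it does for an empty or whitespace-only line, and it returns 1 when only `x` parses and `y` is left untouched. Comparing against the number of conversions expected closes both cases: `if (sscanf(string, "%lf%lf", &x, &y) != 2) {`. Minor: `return(elist)` reads like a function call; `return elist;` is the conventional form.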


