X2Go Bug report logs - #777
nx-libs: incorrect usage of scanf

version graph

Package: nx-libs; Maintainer for nx-libs is X2Go Developers <x2go-dev@lists.x2go.org>;

Reported by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Date: Fri, 30 Jan 2015 19:40:01 UTC

Severity: normal

Found in version head

Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Bug is archived. No further changes may be made.

Full log


Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):

Received: (at submit) by bugs.x2go.org; 30 Jan 2015 19:35:56 +0000
From xypron.glpk@gmx.de  Fri Jan 30 20:35:55 2015
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_40,FREEMAIL_FROM
	autolearn=ham version=3.3.2
Received: from mout.gmx.net (mout.gmx.net [212.227.17.22])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 5DD0C3BC8A
	for <submit@bugs.x2go.org>; Fri, 30 Jan 2015 20:35:55 +0100 (CET)
Received: from [192.168.123.39] ([178.201.93.16]) by mail.gmx.com (mrgmx102)
 with ESMTPSA (Nemesis) id 0MaE4a-1XxP3T0IOm-00JoiI for
 <submit@bugs.x2go.org>; Fri, 30 Jan 2015 20:35:55 +0100
Message-ID: <54CBDD19.8090103@gmx.de>
Date: Fri, 30 Jan 2015 20:35:53 +0100
From: Heinrich Schuchardt <xypron.glpk@gmx.de>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.3.0
MIME-Version: 1.0
To: submit@bugs.x2go.org
Subject: nx-libs: incorrect usage of scanf
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Provags-ID:  V03:K0:LBguQCVpS36vYsS5CVcFmYe4tyBsvIMCWaV5SEWlwYE+LjeXeCv
 LdSldVgTH1vsqCs+XSLmHSibjRgIaGNNmwdbHTSvylsRNj6de3SJTRcXlceOKRBlJgG5mS4
 q5rMtN/paHUhgb/RBh7+R72MvbwNpiRzJbM4Ujr8CKHllXED7SYgNdDCeGUCo6lzcrwGvc+
 8Y81VE/IYRZRgFJQTCsZA==
X-UI-Out-Filterresults: notjunk:1;
package: nx-libs
version: head

In different parts of the nx-libs library you can find usages of scanf like

   /* check for MESA_GAMMA environment variable */
   gamma = _mesa_getenv("MESA_GAMMA");
   if (gamma) {
      v->RedGamma = v->GreenGamma = v->BlueGamma = 0.0;
      sscanf( gamma, "%f %f %f", &v->RedGamma, &v->GreenGamma,
&v->BlueGamma );

According to cppcheck:

scanf without field width limits can crash with huge input data on libc
versions older than 2.13-25. Add a field width specifier to fix this
problem:
    %i => %3i


Best regards

Heinrich Schuchardt


Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Mon Jul 13 06:09:51 2020; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.