Skip to content

Commit

Permalink
d.labels: Fix buffer overflow issues (OSGeo#4041)
Browse files Browse the repository at this point in the history 
Addresses multiple warnings identified by cppcheck related to
potential buffer overflow issues. Added field width specifiers
to the sscanf calls to prevent buffer overflows.
  • Loading branch information
@ShubhamDesai
ShubhamDesai authored Jul 26, 2024
1 parent b082d42 commit cd0687f
Showing 1 changed file with 35 additions and 21 deletions.
56 changes: 35 additions & 21 deletions display/d.labels/do_labels.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,18 +7,22 @@
#include <grass/glocale.h>
#include "local_proto.h"

#define NL 012
#define TAB 011
#define BACK 0134
#define MTEXT 1024

#define TOP 0
#define CENT 1
#define BOT 2
#define LEFT 0
#define RITE 2
#define YES 1
#define NO 0
#define NL 012
#define TAB 011
#define BACK 0134
#define MTEXT 1024

#define TOP 0
#define CENT 1
#define BOT 2
#define LEFT 0
#define RITE 2
#define YES 1
#define NO 0

#define BUFFSIZE 128
#define FONTSIZE 256
#define WORDSIZE 50

static double east;
static double north;
Expand All @@ -33,9 +37,13 @@ static int highlight_width;
static int opaque;
static double width, rotation;
static char text[MTEXT];
static char font[256];
static char font[FONTSIZE];
static const char *std_font;

static char buff_fmt[WORDSIZE];
static char font_fmt[WORDSIZE];
static char word_fmt[WORDSIZE];

static int ymatch(char *);
static int xmatch(char *);

Expand Down Expand Up @@ -67,7 +75,12 @@ int initialize_options(void)

int do_labels(FILE *infile, int do_rotation)
{
char buff[128];
char buff[BUFFSIZE];

snprintf(buff_fmt, sizeof(buff_fmt), "%%*s %%%ds", BUFFSIZE - 1);
snprintf(font_fmt, sizeof(font_fmt), "%%*s %%%ds", FONTSIZE - 1);
snprintf(word_fmt, sizeof(word_fmt), "%%%ds %%%ds", WORDSIZE - 1,
WORDSIZE - 1);

initialize_options();

Expand All @@ -84,7 +97,7 @@ int do_labels(FILE *infile, int do_rotation)
else if (!strncmp(text, "yof", 3))
sscanf(text, "%*s %d", &yoffset);
else if (!strncmp(text, "col", 3)) {
sscanf(text, "%*s %s", buff);
sscanf(text, buff_fmt, buff);
set_RGBA_from_str(&color, buff);
}
else if (!strncmp(text, "siz", 3))
Expand All @@ -94,15 +107,15 @@ int do_labels(FILE *infile, int do_rotation)
else if (!strncmp(text, "wid", 3))
sscanf(text, "%*s %lf", &width);
else if (!strncmp(text, "bac", 3)) {
sscanf(text, "%*s %s", buff);
sscanf(text, buff_fmt, buff);
set_RGBA_from_str(&background, buff);
}
else if (!strncmp(text, "bor", 3)) {
sscanf(text, "%*s %s", buff);
sscanf(text, buff_fmt, buff);
set_RGBA_from_str(&border, buff);
}
else if (!strncmp(text, "opa", 3)) {
sscanf(text, "%*s %s", buff);
sscanf(text, buff_fmt, buff);
if (!strncmp(buff, "YES", 3))
opaque = YES;
else
Expand All @@ -115,15 +128,15 @@ int do_labels(FILE *infile, int do_rotation)
}
}
else if (!strncmp(text, "fon", 3)) {
if (sscanf(text, "%*s %s", font) != 1 || !strcmp(font, "standard"))
if (sscanf(text, font_fmt, font) != 1 || !strcmp(font, "standard"))
strcpy(font, std_font);
}
else if (!strncmp(text, "rot", 3)) {
if (do_rotation)
sscanf(text, "%*s %lf", &rotation);
}
else if (!strncmp(text, "hco", 3)) {
sscanf(text, "%*s %s", buff);
sscanf(text, buff_fmt, buff);
set_RGBA_from_str(&highlight_color, buff);
}
else if (!strncmp(text, "hwi", 3))
Expand Down Expand Up @@ -452,7 +465,7 @@ int scan_ref(char *buf)
if (buf[i] >= 'A' && buf[i] <= 'Z')
buf[i] += 'a' - 'A';
xref = yref = CENT;
switch (sscanf(buf, "%s%s", word1, word2)) {
switch (sscanf(buf, word_fmt, word1, word2)) {
case 2:
if (!(xmatch(word2) || ymatch(word2)))
return 0;
Expand All @@ -461,6 +474,7 @@ int scan_ref(char *buf)
if (xmatch(word1) || ymatch(word1))
return 1;
FALLTHROUGH;
case EOF:
default:
return 0;
}
Expand Down

0 comments on commit cd0687f

Please sign in to comment.