|
2015-09-23, 01:02
|
#1 |
|
May 2014
2116 Posts |
(patch) IniWriteFloat should limit its field width
IniWriteFloat should limit its field width, otherwise it is easy to create a buffer overflow with a large floating point number. The syntax like sprintf(buf, "%f", num) is unsafe.
Ideally snprintf should be used instead of sprintf, but I assume not every system support that (it's C99, but some systems supports sprintf_s), and it takes time to write it in a backward-compatible way, so I guess I'll hold that for now and do it when I have more time. However limiting the field width of float-to-string output always works. The reverse functions, atof and strtod, always accept input in E notation. Code:
diff -r -u a/commonc.c b/commonc.c
--- a/commonc.c 2015-03-26 05:27:12.000000000 +0800
+++ b/commonc.c 2015-09-23 08:12:44.936980349 +0800
@@ -1745,8 +1745,10 @@
const char *keyword,
float val)
{
+ /* Assume FLT_MAX is 3.40282e+038, the maximum significant digits that
+ can be stored in this buf is 12. ((sizeof(buf))-sizeof("-.E+038")) */
char buf[20];
- sprintf (buf, "%f", val);
+ sprintf (buf, "%11g", val);
IniSectionWriteString (filename, section, keyword, buf);
}
|
|
|
 |
| Thread Tools | |
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| mfaktc and PCIe bus width | Chuck | GPU Computing | 47 | 2016-01-08 07:51 |
| (patch) No need for fmt_mask[] buffer | Explorer09 | Software | 12 | 2015-09-23 22:22 |
| GCD of Polynomials over a finite field for NFS | paul0 | Programming | 6 | 2015-01-16 15:12 |
| v1.40 patch for massive NFS oversieving | jasonp | Msieve | 18 | 2009-04-09 03:20 |
| Amd patch | moo | Hardware | 6 | 2005-10-10 23:29 |
