
buffer overflow in novas_print_dms #296

Description

@aleberti

It seems that the culprit is these lines:

if(decimals > 0)
      novas_snprintf(fmt, len, "%%4d%%s%%02d%%s%%02d.%%0%dlld%%s", decimals);
else
      novas_snprintf(fmt, len, "%%4d%%s%%02d%%s%%02d%%s");

where len is the length of the input buffer, i.e. 100, while fmt is defined with length 40. So the code should read:

if(decimals > 0)
      novas_snprintf(fmt, sizeof(fmt), "%%4d%%s%%02d%%s%%02d.%%0%dlld%%s", decimals);
else
      novas_snprintf(fmt, sizeof(fmt), "%%4d%%s%%02d%%s%%02d%%s");

Also, in the call from Angle::to_string, this check is performed:

if(novas_print_dms(deg(), separator, decimals, s, sizeof(s)) != 0)
    novas_trace_invalid("Angle::str");

which prints (always?) that the Angle is invalid, even if it is not, because novas_print_dms would return the length of the buffer, which is by definition different from 0.
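The two mistakes in the report, the `snprintf` length taken from the wrong buffer and the `!= 0` test on a function whose success value is a length, as an added example that is not code from the project this issue is filed against. The helper names `build_dms_format`, `print_dms`, `angle_str_ok` and `FMT_LEN` are assumptions for illustration, and `print_dms` returning the written length on success and `-1` on error is an assumed convention modelled on what the report says about `novas_print_dms`, not the library's documented API.

```c
#include <stdio.h>
#include <string.h>

#define FMT_LEN 40   /* size of the local format buffer, as in the report (assumed) */

/* Build the printf-style format for a D:M:S string with `decimals`
 * fractional digits on the seconds field. `fmt_len` must be the real
 * size of `fmt`: snprintf bounds only what it is told about, so passing
 * the size of a different (larger) buffer defeats the check entirely.
 * Returns the number of characters written, or -1 if the format would
 * not fit (truncation is reported, never silently accepted). */
static int build_dms_format(char *fmt, size_t fmt_len, int decimals) {
  int n;
  if (decimals > 0)
    n = snprintf(fmt, fmt_len, "%%4d%%s%%02d%%s%%02d.%%0%dlld%%s", decimals);
  else
    n = snprintf(fmt, fmt_len, "%%4d%%s%%02d%%s%%02d%%s");
  if (n < 0 || (size_t)n >= fmt_len) return -1;
  return n;
}

/* Format `deg` as degrees, minutes, seconds into `out` (size `out_len`).
 * Assumed convention for this illustrative helper: returns the number of
 * characters written (>= 0) on success and -1 on error, i.e. a non-zero
 * return is the normal success case, as the report says of novas_print_dms.
 * The sign is carried by the degrees field, so values in (-1, 0) print
 * without a sign; that simplification is not part of the point. */
static int print_dms(double deg, const char *sep, int decimals,
                     char *out, size_t out_len) {
  char fmt[FMT_LEN];          /* local buffer: bounded with sizeof(fmt) below */
  double a, rem, secs;
  long long scale = 1, frac;
  int d, m, s, i, n;

  if (!out || out_len == 0 || !sep || decimals < 0 || decimals > 9) return -1;
  if (build_dms_format(fmt, sizeof(fmt), decimals) < 0) return -1;

  a = deg < 0 ? -deg : deg;
  d = (int)a;
  rem = (a - d) * 60.0;
  m = (int)rem;
  secs = (rem - m) * 60.0;
  s = (int)secs;
  for (i = 0; i < decimals; i++) scale *= 10;
  frac = (long long)((secs - s) * (double)scale);

  if (decimals > 0)
    n = snprintf(out, out_len, fmt, deg < 0 ? -d : d, sep, m, sep, s, frac, "");
  else
    n = snprintf(out, out_len, fmt, deg < 0 ? -d : d, sep, m, sep, s, "");
  if (n < 0 || (size_t)n >= out_len) return -1;   /* error or truncated output */
  return n;
}

/* The caller-side check. Returns 1 if the angle formatted successfully.
 * Testing `rc != 0` would flag every successful call as a failure, because
 * success returns the written length; only a negative return is an error. */
static int angle_str_ok(double deg, char *out, size_t out_len) {
  int rc = print_dms(deg, ":", 2, out, out_len);
  return rc >= 0;
}

int main(void) {
  char s[100];
  int rc = print_dms(12.5, ":", 2, s, sizeof(s));
  printf("rc=%d, s=\"%s\"\n", rc, s);
  printf("buggy check (rc != 0) says invalid: %s\n", rc != 0 ? "yes" : "no");
  printf("correct check (rc < 0) says invalid: %s\n", rc < 0 ? "yes" : "no");
  rc = print_dms(12.5, ":", 2, s, 8);   /* too small: reported as -1, not overflowed */
  printf("small buffer rc=%d\n", rc);
  return 0;
}
```

The two defensive habits the example shows are to pass `sizeof` of the very array being written (a `len` parameter that describes some other buffer is not a bound on this one) and to check `snprintf`'s return against the buffer size so that truncation is an error rather than a silently shortened string.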

Labels

bug