Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix possible buffer overflow in ClpSimplexOther #1

Open
wants to merge 6 commits into
base: stable/1.17
Choose a base branch
from

Conversation

Mart-Bogdan
Copy link

I have found this as warning from GCC when was installing some packages from AUR.

There is possibility of buffer overflow, especially in this case:

sprintf(line, "Odd first line %s on file %s?", line, dataFile);

Because we are using content of array line inside template, and it can be 199 chars already.

tkralphs and others added 4 commits January 11, 2022 23:52
- Fix super build (e.g. FetchContent) integration
- cmake: option() honors normal variables (CMP0077)
@Mart-Bogdan Mart-Bogdan changed the title Fix possible buffer overflow in ClpSimplexOther::parametrics Fix possible buffer overflow in ClpSimplexOther Oct 10, 2023
@Mart-Bogdan
Copy link
Author

Mart-Bogdan commented Oct 10, 2023

P.S. I've noticed this warning when was trying to build https://github.com/google/or-tools

@Mizux
Copy link
Owner

Mizux commented Oct 11, 2023

To be sure, is it the backport of:
coin-or#279 and
coin-or#280

ps: thx for contributing to FOSS !

@Mart-Bogdan
Copy link
Author

Yes, it's same fix applied to multiple reps.

I initially noticed warning about that when was building coin-or from google's repo. And your repo was used directly. So decided to post it here as well. IDK if upstream would accept patch soon.

@Mart-Bogdan
Copy link
Author

Mart-Bogdan commented Nov 17, 2023

and this line

<< line2 << CoinMessageEol;

was added, as same fix is in coin-or:master in upstream. (or somewhere else in upstream, I don't recall exactly, as it was some time ago)

using second variable. as "POSIX standard forbids strings to overlap."

@Mizux Mizux force-pushed the stable/1.17 branch 3 times, most recently from 7c9fbcf to 37a4f58 Compare October 11, 2024 07:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants