Skip to content

Commit

Permalink
Fix possible buffer overflow in ClpSimplexOther
Browse files Browse the repository at this point in the history
  • Loading branch information
Mart-Bogdan authored and svigerske committed Aug 16, 2024
1 parent 327fcdb commit 8596ee3
Showing 1 changed file with 23 additions and 22 deletions.
45 changes: 23 additions & 22 deletions src/ClpSimplexOther.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -2645,7 +2645,7 @@ int ClpSimplexOther::parametrics(double startingTheta, double &endingTheta, doub
}
if (maxTheta < endingTheta) {
char line[100];
sprintf(line, "Crossover considerations reduce ending theta from %g to %g\n",
snprintf(line, sizeof(line), "Crossover considerations reduce ending theta from %g to %g\n",
endingTheta, maxTheta);
handler_->message(CLP_GENERAL, messages_)
<< line << CoinMessageEol;
Expand Down Expand Up @@ -2757,7 +2757,7 @@ int ClpSimplexOther::parametrics(double startingTheta, double &endingTheta, doub
copyModel.dual();
if (copyModel.problemStatus()) {
char line[100];
sprintf(line, "Can not get to theta of %g\n", startingTheta);
snprintf(line, sizeof(line), "Can not get to theta of %g\n", startingTheta);
handler_->message(CLP_GENERAL, messages_)
<< line << CoinMessageEol;
canTryQuick = false; // do slowly to get exact amount
Expand All @@ -2782,7 +2782,7 @@ int ClpSimplexOther::parametrics(double startingTheta, double &endingTheta, doub
}
perturbation_ = savePerturbation;
char line[100];
sprintf(line, "Ending theta %g\n", endingTheta);
snprintf(line, sizeof(line), "Ending theta %g\n", endingTheta);
handler_->message(CLP_GENERAL, messages_)
<< line << CoinMessageEol;
return problemStatus_;
Expand All @@ -2801,8 +2801,8 @@ int ClpSimplexOther::parametrics(const char *dataFile)
return -2;
}

if (!fgets(line, 200, fp)) {
sprintf(line, "Empty parametrics file %s?", dataFile);
if (!fgets(line, sizeof(line), fp)) {
snprintf(line, sizeof(line), "Empty parametrics file %s?", dataFile);
handler_->message(CLP_GENERAL, messages_)
<< line << CoinMessageEol;
fclose(fp);
Expand Down Expand Up @@ -2878,14 +2878,15 @@ int ClpSimplexOther::parametrics(const char *dataFile)
if (intervalTheta >= endTheta)
intervalTheta = 0.0;
if (!good) {
sprintf(line, "Odd first line %s on file %s?", line, dataFile);
char line2[300];
snprintf(line2, sizeof(line2), "Odd first line %s on file %s?", line, dataFile);
handler_->message(CLP_GENERAL, messages_)
<< line << CoinMessageEol;
<< line2 << CoinMessageEol;
fclose(fp);
return -2;
}
if (!fgets(line, 200, fp)) {
sprintf(line, "Not enough records on parametrics file %s?", dataFile);
if (!fgets(line, sizeof(line), fp)) {
snprintf(line, sizeof(line), "Not enough records on parametrics file %s?", dataFile);
handler_->message(CLP_GENERAL, messages_)
<< line << CoinMessageEol;
fclose(fp);
Expand Down Expand Up @@ -2969,7 +2970,7 @@ int ClpSimplexOther::parametrics(const char *dataFile)
int nLine = 0;
//int nBadLine = 0;
int nBadName = 0;
while (fgets(line, 200, fp)) {
while (fgets(line, sizeof(line), fp)) {
if (!strncmp(line, "ENDATA", 6) || !strncmp(line, "COLUMN", 6))
break;
nLine++;
Expand Down Expand Up @@ -3046,11 +3047,11 @@ int ClpSimplexOther::parametrics(const char *dataFile)
strcpy(saveLine, line);
}
}
sprintf(line, "%d Row fields and %d records", nAcross, nLine);
snprintf(line, sizeof(line), "%d Row fields and %d records", nAcross, nLine);
handler_->message(CLP_GENERAL, messages_)
<< line << CoinMessageEol;
if (nBadName) {
sprintf(line, " ** %d records did not match on name/sequence, first bad %s", nBadName, saveLine);
snprintf(line, sizeof(line), " ** %d records did not match on name/sequence, first bad %s", nBadName, saveLine);
handler_->message(CLP_GENERAL, messages_)
<< line << CoinMessageEol;
returnCode = -1;
Expand All @@ -3061,16 +3062,16 @@ int ClpSimplexOther::parametrics(const char *dataFile)
}
delete[] rowNames;
} else {
sprintf(line, "Duplicate or unknown keyword - or name/number fields wrong");
snprintf(line, sizeof(line), "Duplicate or unknown keyword - or name/number fields wrong");
handler_->message(CLP_GENERAL, messages_)
<< line << CoinMessageEol;
returnCode = -1;
good = false;
}
}
if (good && (!strncmp(line, "COLUMN", 6) || !strncmp(line, "column", 6))) {
if (!fgets(line, 200, fp)) {
sprintf(line, "Not enough records on parametrics file %s after COLUMNS?", dataFile);
if (!fgets(line, sizeof(line), fp)) {
snprintf(line, sizeof(line), "Not enough records on parametrics file %s after COLUMNS?", dataFile);
handler_->message(CLP_GENERAL, messages_)
<< line << CoinMessageEol;
fclose(fp);
Expand Down Expand Up @@ -3141,7 +3142,7 @@ int ClpSimplexOther::parametrics(const char *dataFile)
int nLine = 0;
//int nBadLine = 0;
int nBadName = 0;
while (fgets(line, 200, fp)) {
while (fgets(line, sizeof(line), fp)) {
if (!strncmp(line, "ENDATA", 6))
break;
nLine++;
Expand Down Expand Up @@ -3220,11 +3221,11 @@ int ClpSimplexOther::parametrics(const char *dataFile)
strcpy(saveLine, line);
}
}
sprintf(line, "%d Column fields and %d records", nAcross, nLine);
snprintf(line, sizeof(line), "%d Column fields and %d records", nAcross, nLine);
handler_->message(CLP_GENERAL, messages_)
<< line << CoinMessageEol;
if (nBadName) {
sprintf(line, " ** %d records did not match on name/sequence, first bad %s", nBadName, saveLine);
snprintf(line, sizeof(line), " ** %d records did not match on name/sequence, first bad %s", nBadName, saveLine);
handler_->message(CLP_GENERAL, messages_)
<< line << CoinMessageEol;
returnCode = -1;
Expand All @@ -3235,7 +3236,7 @@ int ClpSimplexOther::parametrics(const char *dataFile)
}
delete[] columnNames;
} else {
sprintf(line, "Duplicate or unknown keyword - or name/number fields wrong");
snprintf(line, sizeof(line), "Duplicate or unknown keyword - or name/number fields wrong");
handler_->message(CLP_GENERAL, messages_)
<< line << CoinMessageEol;
returnCode = -1;
Expand Down Expand Up @@ -3791,7 +3792,7 @@ int ClpSimplexOther::parametrics(double startingTheta, double &endingTheta,
delete rowArray_[5];
rowArray_[5] = NULL;
char line[100];
sprintf(line, "Ending theta %g\n", endingTheta);
snprintf(line, sizeof(line), "Ending theta %g\n", endingTheta);
handler_->message(CLP_GENERAL, messages_)
<< line << CoinMessageEol;
return problemStatus_;
Expand Down Expand Up @@ -6444,7 +6445,7 @@ ClpSimplexOther::gubVersion(int *whichRows, int *whichColumns,
}
}
if (!numberNormal) {
sprintf(message, "Putting back one gub row to make non-empty");
snprintf(message, sizeof(message), "Putting back one gub row to make non-empty");
handler_->message(CLP_GENERAL2, messages_)
<< message << CoinMessageEol;
rowIsGub[smallestGubRow] = -1;
Expand Down Expand Up @@ -6658,7 +6659,7 @@ ClpSimplexOther::gubVersion(int *whichRows, int *whichColumns,
}
}
}
sprintf(message, "** Before adding matrix there are %d rows and %d columns",
snprintf(message, sizeof(message), "** Before adding matrix there are %d rows and %d columns",
model2->numberRows(), model2->numberColumns());
handler_->message(CLP_GENERAL2, messages_)
<< message << CoinMessageEol;
Expand Down

0 comments on commit 8596ee3

Please sign in to comment.