| View Issue Details [ Jump to Notes ] | [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
| 0015086 | VTK | (No Category) | public | 2014-10-29 14:29 | 2014-11-12 09:40 | ||||
| Reporter | Stephan Rademacher | ||||||||
| Assigned To | Sujin Philip | ||||||||
| Priority | normal | Severity | minor | Reproducibility | have not tried | ||||
| Status | closed | Resolution | fixed | ||||||
| Platform | OS | OS Version | |||||||
| Product Version | 5.10.1 | ||||||||
| Target Version | Fixed in Version | 6.2.0 | |||||||
| Summary | 0015086: Buffer Overflow in vtkCubeAxesActor | ||||||||
| Description | There are buffer overflows in the AdjustValues method of vtkCubeAxesActor. In this method local buffers are created on the stack and then filled using sprintf, like this: char xTitle[64]; .. .. .. sprintf(xTitle, "%s (x10^%d %s)", this->XTitle, xPow, XUnits); This can overflow easily if the parameters are too long. I realize that one rarely if ever needs more than 64 chars for an axis label, so this won't happen 'in the wild' very often. But well, I ran into it :) Here is a small program demonstrating the overflow: #include "vtkCubeAxesActor.h" #include "vtkRenderer.h" #include "vtkRenderWindow.h" #include "vtkRenderWindowInteractor.h" #include "vtkSmartPointer.h" int main() { vtkSmartPointer<vtkRenderer> renderer = vtkSmartPointer<vtkRenderer>::New(); vtkSmartPointer<vtkRenderWindow> renderWindow = vtkSmartPointer<vtkRenderWindow>::New(); vtkSmartPointer<vtkRenderWindowInteractor> interactor = vtkSmartPointer<vtkRenderWindowInteractor>::New(); renderWindow->AddRenderer(renderer); interactor->SetRenderWindow(renderWindow); vtkSmartPointer<vtkCubeAxesActor> axesActor = vtkSmartPointer<vtkCubeAxesActor>::New(); vtkCamera* camera = renderer->GetActiveCamera(); axesActor->SetCamera(camera); double bounds[6] = {0.0, 16.0, 0.0, 16.0, 0.0, 16.0}; axesActor->SetBounds(bounds); axesActor->SetXTitle("This string is going to be rather long, far far longer than 64 characters! Boomchakalaka!"); renderer->AddActor(axesActor); renderer->ResetCamera(); renderer->SetBackground(0.0, 0.0, 0.0); renderWindow->Render(); interactor->Start(); return 0; } | ||||||||
| Tags | No tags attached. | ||||||||
| Project | TBD | ||||||||
| Type | crash | ||||||||
| Attached Files | |||||||||
| Relationships | |
| Relationships |
| Notes | |
|
(0033800) Sujin Philip (developer) 2014-11-12 09:40 |
Please refer to http://review.source.kitware.com/#/t/4951/ [^] |
| Notes |
| Issue History | |||
| Date Modified | Username | Field | Change |
| 2014-10-29 14:29 | Stephan Rademacher | New Issue | |
| 2014-11-06 16:47 | Sujin Philip | Assigned To | => Sujin Philip |
| 2014-11-06 16:48 | Sujin Philip | Status | backlog => active development |
| 2014-11-12 09:40 | Sujin Philip | Note Added: 0033800 | |
| 2014-11-12 09:40 | Sujin Philip | Status | active development => closed |
| 2014-11-12 09:40 | Sujin Philip | Resolution | open => fixed |
| 2014-11-12 09:40 | Sujin Philip | Fixed in Version | => 6.2.0 |
| Issue History |
| Copyright © 2000 - 2018 MantisBT Team |