Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix possible buffer overflow in ClpSimplexOther #1

Open
wants to merge 6 commits into
base: stable/1.17
Choose a base branch
from
Open

Fix possible buffer overflow in ClpSimplexOther #1

wants to merge 6 commits into from

Conversation

Mart-Bogdan
Copy link

I have found this as warning from GCC when was installing some packages from AUR.

There is possibility of buffer overflow, especially in this case:

sprintf(line, "Odd first line %s on file %s?", line, dataFile);

Because we are using content of array line inside template, and it can be 199 chars already.

tkralphs and others added 4 commits January 11, 2022 23:52
@tkralphs
version number updates for release 1.17.7
1c2586a
@Mizux
Add CMake based build
7f293f9 
- Fix super build (e.g. FetchContent) integration
- cmake: option() honors normal variables (CMP0077)
@Mizux
Add CMake CI
5f50f5f
@Mizux
Add Test
914e0af
@Mart-Bogdan Mart-Bogdan changed the title Fix possible buffer overflow in ClpSimplexOther::parametrics Fix possible buffer overflow in ClpSimplexOther Oct 10, 2023
@Mart-Bogdan
Copy link
Author

Mart-Bogdan commented Oct 10, 2023
edited
Loading

P.S. I've noticed this warning when was trying to build https://github.com/google/or-tools

@Mizux
Copy link
Owner

Mizux commented Oct 11, 2023

To be sure, is it the backport of:
coin-or#279 and
coin-or#280

ps: thx for contributing to FOSS !

@Mart-Bogdan
Copy link
Author

Yes, it's same fix applied to multiple reps.

I initially noticed warning about that when was building coin-or from google's repo. And your repo was used directly. So decided to post it here as well. IDK if upstream would accept patch soon.

@Mart-Bogdan
Copy link
Author

Mart-Bogdan commented Nov 17, 2023
edited
Loading

and this line

<< line2 << CoinMessageEol;

was added, as same fix is in coin-or:master in upstream. (or somewhere else in upstream, I don't recall exactly, as it was some time ago)

using second variable. as "POSIX standard forbids strings to overlap."

@Mizux Mizux force-pushed the stable/1.17 branch 3 times, most recently from 7c9fbcf to 37a4f58 Compare October 11, 2024 07:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Mart-Bogdan @Mizux @tkralphs