Opened 2 years ago
Closed 2 years ago
#1546 closed defect (fixed)
Possible buffer overflow in smartctl.cpp
| Reported by: | aaelhaj | Owned by: | Christian Franke |
|---|---|---|---|
| Priority: | major | Milestone: | Release 7.3 |
| Component: | smartctl | Version: | |
| Keywords: | Cc: |
Description
s buffer is allocated 8 bytes here:
https://www.smartmontools.org/browser/trunk/smartmontools/smartctl.cpp#L873
However, the corresponsing sscanf format specifier can be up to 10 bytes:
https://www.smartmontools.org/browser/trunk/smartmontools/smartctl.cpp#L874
Change History (2)
comment:1 by , 2 years ago
| Milestone: | → Release 7.3 |
|---|---|
| Owner: | set to |
| Priority: | minor → major |
| Status: | new → accepted |
comment:2 by , 2 years ago
| Resolution: | → fixed |
|---|---|
| Status: | accepted → closed |
Fixed in r5260, thanks again.
Note:
See TracTickets
for help on using tickets.
Thanks for reporting this bug introduced in r4380.
Interestingly none of the tools we use (g++, clang++, cppcheck, LGTM) detected this.
Cppcheck apparently only detects:
char s[9]; sscanf(p, "%9s", s);but not:
char s[9]; sscanf(p, "%9[a-z]", s)