Opened 2 years ago

Closed 2 years ago

#1546 closed defect (fixed)

Possible buffer overflow in smartctl.cpp

Reported by: aaelhaj Owned by: Christian Franke
Priority: major Milestone: Release 7.3
Component: smartctl Version:
Keywords: Cc:


s buffer is allocated 8 bytes here:

However, the corresponsing sscanf format specifier can be up to 10 bytes:

Change History (2)

comment:1 by Christian Franke, 2 years ago

Milestone: Release 7.3
Owner: set to Christian Franke
Priority: minormajor
Status: newaccepted

Thanks for reporting this bug introduced in r4380.

Interestingly none of the tools we use (g++, clang++, cppcheck, LGTM) detected this.

Cppcheck apparently only detects:
char s[9]; sscanf(p, "%9s", s);
but not:
char s[9]; sscanf(p, "%9[a-z]", s)

comment:2 by Christian Franke, 2 years ago

Resolution: fixed
Status: acceptedclosed

Fixed in r5260, thanks again.

Note: See TracTickets for help on using tickets.