Commit 17404e14 authored by Sean McBride's avatar Sean McBride

Fixed buffer overrun caused in malformed test input

vtkInteractorEventRecorder::Play()'s implementation is not very resilient against malformed input. If one of the input lines was too short, as was the case with TestPropPicker2Renderers.cxx, then the line "iss >> keySym" doesn't write anything to the 'keySym' buffer. A later invocation of strlen(keySym) overeads the buffer looking for a terminating NUL that isn't there.

Caught this with the combination of ASan and -ftrivial-auto-var-init=pattern.

Fixed TestPropPicker2Renderers.cxx to use "StreamVersion 1.1", which is is probably what it intended, as there's one less item per line vs the older format.

Added an assert that would catch this without fancy build options. This found a similar bug in TestImplicitPlaneWidget2LockNormalToCamera.cxx, fixed that too.

Also increased the size of two stack buffers to 256 to match the use of width(256).
parent b1295109
Pipeline #149156 failed with stage
......@@ -366,7 +366,7 @@ const char eventLog2LockNormalToCamera[] =
"RenderEvent 217 122 0 0 0 0 t\n"
"MouseMoveEvent 218 134 0 0 0 0 t\n"
"RenderEvent 218 134 0 0 0 0 t\n"
"LeftButtonReleaseEvent 290 0 0 0 0 t\n"
"LeftButtonReleaseEvent 290 106 0 0 0 0 t\n"
"KeyPressEvent 147 213 0 1 62 1 greater\n"
"CharEvent 147 213 0 1 62 1 greater\n"
"KeyReleaseEvent 147 213 0 1 62 1 greater\n"
......
......@@ -202,7 +202,7 @@ void vtkInteractorEventRecorder::Play()
this->State = vtkInteractorEventRecorder::Playing;
// Read events and invoke them on the object in question
char event[128], keySym[64];
char event[256], keySym[256];
int pos[2], ctrlKey, shiftKey, altKey, keyCode, repeatCount;
float stream_version = 0.0f, tempf;
std::string line;
......@@ -270,6 +270,7 @@ void vtkInteractorEventRecorder::Play()
this->Interactor->InvokeEvent(ievent, nullptr);
}
}
assert(iss.good() || iss.eof());
}
}
......@@ -461,9 +462,3 @@ void vtkInteractorEventRecorder::PrintSelf(ostream& os, vtkIndent indent)
os << indent << "Input String: (None)\n";
}
}
......@@ -99,7 +99,7 @@ void InitRepresentation(vtkRenderer* renderer)
}
const char PropPickerEventLog[] =
"# StreamVersion 1\n"
"# StreamVersion 1.1\n"
"LeftButtonPressEvent 160 150 0 0 0 0\n"
"LeftButtonReleaseEvent 160 150 0 0 0 0\n";
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment