Buffer Overflow in vtkCubeAxesActor
This issue was created automatically from an original Mantis Issue. Further discussion may take place here.
There are buffer overflows in the AdjustValues method of vtkCubeAxesActor.
In this method local buffers are created on the stack and then filled using sprintf, like this:
char xTitle[64]; .. .. .. sprintf(xTitle, "%s (x10^%d %s)", this->XTitle, xPow, XUnits);
This can overflow easily if the parameters are too long. I realize that one rarely if ever needs more than 64 chars for an axis label, so this won't happen 'in the wild' very often. But well, I ran into it :)
Here is a small program demonstrating the overflow:
#include "vtkCubeAxesActor.h" #include "vtkRenderer.h" #include "vtkRenderWindow.h" #include "vtkRenderWindowInteractor.h" #include "vtkSmartPointer.h"
int main() { vtkSmartPointer renderer = vtkSmartPointer::New(); vtkSmartPointer renderWindow = vtkSmartPointer::New(); vtkSmartPointer interactor = vtkSmartPointer::New();
renderWindow->AddRenderer(renderer);
interactor->SetRenderWindow(renderWindow);
vtkSmartPointer<vtkCubeAxesActor> axesActor = vtkSmartPointer<vtkCubeAxesActor>::New();
vtkCamera* camera = renderer->GetActiveCamera();
axesActor->SetCamera(camera);
double bounds[6] = {0.0, 16.0, 0.0, 16.0, 0.0, 16.0};
axesActor->SetBounds(bounds);
axesActor->SetXTitle("This string is going to be rather long, far far longer than 64 characters! Boomchakalaka!");
renderer->AddActor(axesActor);
renderer->ResetCamera();
renderer->SetBackground(0.0, 0.0, 0.0);
renderWindow->Render();
interactor->Start();
return 0;
}