Fix Buffer Overflow Error in vtkWrapPythonInit.c (!6952) · Merge requests · VTK / VTK

NicolaasWeideman requested to merge NicolaasWeideman/vtk:release-fix-buffer-overflow into master May 29, 2020

This is a fix for the release branch.

In vtkWrapPythonInit.c, fscanf is used to read a user supplied string into a fixed-length buffer. There is no restriction on the length of the string, which may lead to a buffer overflow error. This commit limits the number of characters copied into the buffer. This is achieved by changing the format string of fscanf from %s to %249s.

The buffer overflow error can be reproduced as follows. In a terminal, run ./vtkWrapPythonInit-9.0 input_file init_file impl_file where input_file contains a single line of over 300 characters.

Backport: release

Edited May 29, 2020 by David Gobbi

Fix Buffer Overflow Error in vtkWrapPythonInit.c

Merge request reports