[vtkusers] VTK 4.2.1: some tests still fail on SuSE Linux 8.1

Andy Cedilnik andy.cedilnik at kitware.com
Thu Mar 13 11:50:30 EST 2003


Hi Henner,

Good catch. I fixed the file name issues. Could you please try to build
the CVS of VTK and test?

Thank you.

			Andy

On Thu, 2003-03-13 at 06:52, Henner Eisen wrote:
> [ my first posting had a bogus From/Reply address, but this should
>    be fixed now.]
> 
> When I try to run the test from the shell as suggested I get a segfault.
> I tried to debug with gdb. I first got a deeply nested (27 levels)
> call trace.
> 
> I tried gdb with some more minimized examples and found that there
> is a buffer overrun problem in the Ensight* IO routines:
> 
> The routines seem to use character arrays line[] and subLine[]
> of fixed size as IO buffer. The same buffer is also used to compute
> strings -- such as the path name of a file to open -- by means of
> strcpy() and strcat() without checking the size of the target
> buffer.
> 
> In the EnSight binary routines, sizeof(line) is only 80. If the path
> to the VTKData is non-trivial, the resulting file name size easily
> exceeds 79 characters. The same problem appears in other Ensight IO
> routines (maybe also in some non-EnSight routines, I did not check),
> but the non-binary routines use an IO buffer size of at least 256.
> Thus triggering the bug requires a much longer file path for the
> non-binary IO routines.
> 
> At least, after changing the dimensions in vtkEnSight6BinaryReader.cxx
> and vtkEnSightGoldBinaryReader.cxx from 80 to 256, the problem disappears.
> (Note that this is not a clean fix. Also, be aware that such
> buffer overruns could still be exploited to execute arbitrary
> malicious code by means of loading a specially constructed
> malicious data file).
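
Added example, not part of the original thread and not VTK's own code: the unchecked strcpy()/strcat() path-building pattern described in the quoted report, next to a bounded version that rejects a path too long for the 80-byte buffer instead of overrunning it. The function names, directory strings and file name are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define LINE_SIZE 80  /* sizeof(line) the post reports for the binary readers */

/* Pattern the post describes: a path assembled in a fixed-size buffer with
 * strcpy()/strcat() and no length check. Kept for comparison and never
 * called below; it writes past dst once dir + name exceeds the buffer. */
void build_path_unchecked(char *dst, const char *dir, const char *name)
{
    strcpy(dst, dir);
    strcat(dst, name);
}

/* Bounded version: 0 on success, -1 if dir + name plus the terminating NUL
 * does not fit in dstsz bytes. On failure dst is left as an empty string. */
int build_path_checked(char *dst, size_t dstsz, const char *dir, const char *name)
{
    int n;

    if (dst == NULL || dstsz == 0)
        return -1;
    n = snprintf(dst, dstsz, "%s%s", dir, name);
    if (n < 0 || (size_t)n >= dstsz) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* Constructed sample inputs (not taken from VTK or VTKData). */
const char *SHORT_DIR = "/data/";
const char *LONG_DIR =
    "/home/user/projects/visualization/checkouts/VTKData-release-4-2/Data/EnSight/";
const char *CASE_FILE = "example.geo";

int main(void)
{
    char line[LINE_SIZE];
    const char *dirs[2];
    int i;

    dirs[0] = SHORT_DIR;
    dirs[1] = LONG_DIR;
    for (i = 0; i < 2; i++) {
        if (build_path_checked(line, sizeof line, dirs[i], CASE_FILE) == 0)
            printf("ok (%zu bytes): %s\n", strlen(line), line);
        else
            printf("rejected: path does not fit in %d bytes\n", LINE_SIZE);
    }
    return 0;
}
```

Enlarging the buffer to 256, as tried in the report, only moves the threshold; the length check is what removes the overrun.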




