-
-
Notifications
You must be signed in to change notification settings - Fork 301
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
i.ortho.photo: Fix uninitialized variable and potential buffer overflow #4093
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Two notes,
99 should be in a #DEFINE constant as used many times in the file.
tosystem is later used with strcpy, even if it's "safe" (< 99), we could use strncpy
@ShubhamDesai tell me if you don't want to apply the suggestions in this same PR (I think is reasonable). If it is the case, I'll make the PR mergeable. Thanks @lbartoletti for reviewing! I wasn't completely sure about the pattern to use when initializing char arrays, and that I wasn't missing something in the context around. |
I would edit in the same PR so that it would be easily reviewed |
I have done the changes. Could you please review it once |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@lbartoletti Do you mind a quick double check here? I don't see anything wrong. The same pattern is applied averywhere (strcpy -> G_strlcpy), except for group.name (strncpy -> G_strlcpy).
Also, does @nilason's comment here #4087 (comment) about a possible string truncation apply here too?
Other than that, I would approve it
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
This issue was identified by coverity scan (CID: 1415632).
Initially cppcheck was used on imagery folder and all uninitialized variables were resolved but this issue was missed by cppcheck.
Changes Made:
Initialized the tosystem array with an empty string (char tosystem[99] = "";).