"sprintf" function being used in googletest.h which is not secure #536
What issue is this causing?
@sergiud I have updated the description. The sprintf function reads and writes memory beyond what it should and therefore has security problems. It is banned in many organizations including mine.
aesophor added a commit to aesophor/glog that referenced this issue May 8, 2020
sprintf poses two security risks: (1) write to memory where it shouldn't; (2) read from memory where it shouldn't. This commit replaces the use of sprintf() with snprintf(), which has a size parameter to ensure the problems mentioned above won't take place.
sergiud added a commit that referenced this issue Sep 29, 2020
Replace sprintf() with snprintf() (#536)
Fixed in #551.
The sprintf function, when used with certain format specifiers, poses two types of security risk: (1) writing memory it shouldn't; (2) reading memory it shouldn't. If snprintf is used with a size parameter that matches the buffer, it won't write anything it shouldn't.
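The write-side guarantee described above, as an added example that is not code from glog or from this thread: `snprintf`/`vsnprintf` never write past the size they are given, but they return the length the output *would* have had, so a caller that advances an offset by that return value must clamp it and treat truncation as a distinct result. `append_fmt` and `build_name` are hypothetical helpers, and the buffer size and input strings are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not part of glog): append formatted text to buf at *off.
 * Returns 0 on success, 1 if the output was truncated, -1 on encoding error.
 * buf stays NUL-terminated and *off never moves past cap - 1. */
static int append_fmt(char *buf, size_t cap, size_t *off, const char *fmt, ...) {
    if (cap == 0 || *off >= cap) return 1;       /* no room left at all */
    size_t room = cap - *off;
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf + *off, room, fmt, ap); /* writes at most room bytes */
    va_end(ap);
    if (n < 0) { buf[*off] = '\0'; return -1; }  /* encoding error */
    if ((size_t)n >= room) {                     /* n is the would-be length */
        *off = cap - 1;                          /* clamp instead of adding n */
        return 1;
    }
    *off += (size_t)n;
    return 0;
}

/* Constructed scenario: build "<name>.<pid>" into a fixed-size buffer. */
static int build_name(char *out, size_t cap, const char *name, int pid) {
    size_t off = 0;
    int rc = append_fmt(out, cap, &off, "%s", name);
    if (rc != 0) return rc;
    return append_fmt(out, cap, &off, ".%d", pid);
}

int main(void) {
    char buf[16];
    int rc = build_name(buf, sizeof buf, "googletest", 1234);
    printf("rc=%d buf=\"%s\"\n", rc, buf);
    rc = build_name(buf, sizeof buf, "a-very-long-test-binary-name", 1234);
    printf("rc=%d buf=\"%s\"\n", rc, buf);       /* truncated, still terminated */
    return 0;
}
```

The size argument bounds writes only; arguments that do not match the format specifiers are a separate problem that a compiler format check such as `-Wformat` is meant to catch.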