Functions in hppsfilter.c crashes when long string is sent into them
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
HPLIP |
New
|
Undecided
|
Unassigned |
Bug Description
Implementation of functions:
open_dbg_outfile()
WriteHeader()
WriteJobAccount
contains library function sprintf(), which doesn't check size of input string and simply copies input string into output array, which has definite size. So when input string is longer than output array, program crashes (like in bug report https:/
Implementation of these functions misses way to deal with long strings, please fix it. I see two ways how to solve it (generally use snprintf instead sprintf):
1) check actual length of string and send it into function with string - there dynamically allocate output array according actual length and then free it.
2) check actual string length and if string is longer than expected, fragment it and send it into function part by part.
Hi,
Thanks for reporting this issue. We'll reproduce this issue and implement the right solution to handle the length constraints. We'll plan to include this fix in a future release.
Thanks.