Number: 38
Title: Use of static arrays
Submitter: Emden R. Gansner
Date: Jul 19 2001
Subsys: Dot
Version: 1.7
System: *-*-*
Severity: minor
Problem:
Various functions in the code generators in common use static buffers of size BUFSIZ for encoding strings into escaped versions. Given that BUFSIZ is only 512 for Windows, and the recent surge in the size of user labels, it is easy for the functions to write beyond the end of the buffer, especially since the escaped versions are typically longer than the original.

In general, any use of static buffers should be checked to make sure they are safe.
Fix:
Validate that the buffer can't overflow, or use a dynamic buffer.

NB: cat_libfile in common/utils.c uses a buffer of size BUFSIZ to read external library files. Also, svg_textline in common/svggen.c uses svg_printf to output a line of text. The latter function uses a buffer of size BUFSIZ. Thus, one assumes lines in the files and a text line in a graph have fewer than BUFSIZ characters.
Owner: erg
Status: Fixed (15 Jan 2002)
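
The two options named under Fix, as an added example that is not Graphviz code: a bounded escape that reports the length it needs instead of writing past the buffer, and a dynamic variant built on it. The names xml_entity, escape_bounded and escape_alloc and the entity set are assumptions for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Entity for a character that must be escaped, NULL if copied as-is. */
static const char *xml_entity(char c)
{
    switch (c) {
    case '&': return "&amp;";
    case '<': return "&lt;";
    case '>': return "&gt;";
    default:  return NULL;
    }
}

/* Escape src into dst without writing more than dstsz bytes (NUL included).
 * Returns the length the full result needs; a value >= dstsz means the
 * output was cut short, as with snprintf. */
size_t escape_bounded(const char *src, char *dst, size_t dstsz)
{
    size_t need = 0, out = 0;
    int full = (dstsz == 0);
    for (; *src; src++) {
        const char *ent = xml_entity(*src);
        size_t n = ent ? strlen(ent) : 1;
        if (!full && out + n < dstsz) {      /* keep one byte for the NUL */
            memcpy(dst + out, ent ? ent : src, n);
            out += n;
        } else {
            full = 1;                        /* stop copying, keep counting */
        }
        need += n;
    }
    if (dstsz > 0)
        dst[out] = '\0';
    return need;
}

/* Dynamic variant: measure first, then allocate exactly. Caller frees. */
char *escape_alloc(const char *src)
{
    size_t need = escape_bounded(src, NULL, 0);
    char *buf = malloc(need + 1);
    if (buf)
        escape_bounded(src, buf, need + 1);
    return buf;
}
```

A constructed label of 300 '<' characters needs 1200 bytes once escaped, so a 512-byte buffer keeps only 508 of them and the return value tells the caller that the output was truncated.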