OWLNext: C++ Application Framework / Bugs / #574 Buffer overflow in TEdit::GetLine

#574 Buffer overflow in TEdit::GetLine

Milestone: 6.44

Status: closed

Owner: Vidar Hasfjord

Labels: Internal (122) Crash (72)

Priority: 1

Updated: 2024-09-20

Created: 2024-05-08

Creator: Vidar Hasfjord

Private: No

In TEdit::GetLine, the string null-terminator is written beyond the given buffer, if the line length equals or exceeds the buffer size. Note that EM_GETLINE in this case fills the whole buffer, and the count returned equals the buffer size.

Vidar Hasfjord - 2024-05-27

assigned_to: Vidar Hasfjord

Group: unspecified --> 6.44
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Vidar Hasfjord - 2024-09-17

summary: Buffer overrun in TEdit::GetLine --> Buffer overflow in TEdit::GetLine

status: open --> pending
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Vidar Hasfjord - 2024-09-17

This issue has now been fixed on the trunk [r7106], and the fix has been merged into 7.0 and 6.44 [r7107], as well as 6.36 [r7108]. Resolution: If the buffer is too small, the string is now truncated and false is returned (as per function documentation).

Related

Commit: [r7106]
Commit: [r7107]
Commit: [r7108]

Last edit: Vidar Hasfjord 2024-09-17

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Vidar Hasfjord - 2024-09-20

status: pending --> closed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Buffer overflow in TEdit::GetLine

Borland's Object Windows Library for the modern age

Group

Searches

Help

#574 Buffer overflow in TEdit::GetLine

Related

Discussion

Related