Welcome, Guest. Please login or register. Did you miss your activation email?

Author Topic: Packet has dangerous behaviour with char* and operator >&  (Read 2001 times)

0 Members and 1 Guest are viewing this topic.

deadalnix

  • Newbie
  • *
  • Posts: 45
    • View Profile
Packet has dangerous behaviour with char* and operator >&
« on: October 30, 2011, 06:15:04 pm »
Code: [Select]
Packet& Packet::operator >>(char* data)
{
    // First extract string length
    Uint32 length = 0;
    *this >> length;

    if ((length > 0) && CheckSize(length))
    {
        // Then extract characters
        std::memcpy(data, GetData() + myReadPos, length);
        data[length] = '\0';

        // Update reading position
        myReadPos += length;
    }

    return *this;
}


This piece of code is made for buffer overflow. This function should be aware of teh size pointed by data.

As C++ as a string class, this operator overloading should just be removed in my oppinion. To ensure the possibility of binding throw C, a function can be added like read(char* data, size_t maxCharRead).

Laurent

  • Administrator
  • Hero Member
  • *****
  • Posts: 32504
    • View Profile
    • SFML's website
    • Email
Packet has dangerous behaviour with char* and operator >&
« Reply #1 on: October 30, 2011, 07:03:59 pm »
You're right. You should add an issue in the task tracker, so that I don't forget it.
Laurent Gomila - SFML developer

deadalnix

  • Newbie
  • *
  • Posts: 45
    • View Profile
Packet has dangerous behaviour with char* and operator >&
« Reply #2 on: October 31, 2011, 12:16:31 pm »
Well I wanted to do it, but it seems that somebody did it for me.

 

anything