Open abernklau1 opened 2 weeks ago
These are the lines in question:
    char name[64];
    int max_length = 64;
    int actual_length = 0;
    int size = 0;
    GLenum type;
    glGetActiveAttrib(programHandle, i, max_length, &actual_length, &size, &type, name );
    if( size > 1 ) {
        for( int j = 0; j < size; j++ ) {
            char long_name[64];
            sprintf( long_name, "%s[%i]", name, j );
The concern is that sprintf could exceed the size of long_name. And actually that is possible if name is full. snprintf accepts the max length to write to prevent overflow writes.

There's a little bit more to this than just simply replacing sprintf with snprintf. We need to verify the length/format of name and long_name when querying the uniforms and uniform blocks.
When building a project on Mac using 'cmake .' followed by 'make' this warning occurs:
In file included from /Users//Downloads/lab00/Lab00BEngine.cpp:3:
In file included from /usr/local/include/CSCI441/SimpleShader.hpp:18:
/usr/local/include/CSCI441/ShaderUtils.hpp:506:21: warning: 'sprintf' is deprecated: This function is provided for compatibility reasons only. Due to security concerns inherent in the design of sprintf(3), it is highly recommended that you use snprintf(3) instead. [-Wdeprecated-declarations]
sprintf(long_name, "%s[%i]", name, j);
^
/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX14.5.sdk/usr/include/stdio.h:180:1: note: 'sprintf' has been explicitly marked deprecated here
__deprecated_msg("This function is provided for compatibility reasons only. Due to security concerns inherent in the design of sprintf(3), it is highly recommended that you use snprintf(3) instead.")
^
/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX14.5.sdk/usr/include/sys/cdefs.h:218:48: note: expanded from macro '__deprecated_msg'
#define __deprecated_msg(_msg) __attribute__((__deprecated__(_msg)))
2 warnings generated.
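The overflow case discussed above, worked through as an added example (not code from the issue or from ShaderUtils.hpp): a bounded formatter that uses snprintf's return value to detect truncation instead of silently accepting a cut-off name. The helper names `format_element_name` and `element_name_size` and the constant `NAME_BUF_SIZE` are hypothetical, and the input names are constructed.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF_SIZE 64 /* same size as name[] and long_name[] in the issue */

/* Hypothetical helper: writes "name[index]" into dst.
 * Returns 0 on success, -1 if the result did not fit (dst then holds a
 * NUL-terminated, truncated string) or if formatting failed. */
int format_element_name(char *dst, size_t dst_size, const char *name, int index) {
    if (dst == NULL || dst_size == 0 || name == NULL) return -1;
    int needed = snprintf(dst, dst_size, "%s[%i]", name, index);
    if (needed < 0) { dst[0] = '\0'; return -1; }
    if ((size_t)needed >= dst_size) return -1; /* output was truncated */
    return 0;
}

/* Bytes (including the NUL) that "name[index]" requires. snprintf with a
 * NULL buffer and size 0 writes nothing and only reports the length. */
int element_name_size(const char *name, int index) {
    int n = snprintf(NULL, 0, "%s[%i]", name, index);
    return n < 0 ? -1 : n + 1;
}

int main(void) {
    char name[NAME_BUF_SIZE];
    char long_name[NAME_BUF_SIZE];

    /* Constructed worst case: name is completely full (63 chars + NUL).
     * sprintf would write 67 bytes into the 64-byte long_name here. */
    memset(name, 'a', sizeof name - 1);
    name[sizeof name - 1] = '\0';

    printf("needs %d bytes, buffer has %zu\n",
           element_name_size(name, 0), sizeof long_name);
    if (format_element_name(long_name, sizeof long_name, name, 0) != 0)
        printf("truncated: only %zu chars kept, caller should skip or resize\n",
               strlen(long_name));

    /* Constructed short name: fits, so the result is usable. */
    if (format_element_name(long_name, sizeof long_name, "vPos", 3) == 0)
        printf("ok: %s\n", long_name);
    return 0;
}
```

Swapping in snprintf alone removes the out-of-bounds write, but a truncated name such as a 63-character string with the index cut off would still be passed on as if it were valid, which is why the return value is checked.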