EGSnrc buffer overflow in egs_dose

buffer overflow in egs_dose_scoring.cpp

Open karnigen opened this issue 3 years ago • 2 comments

There is buffer overflow in egs_dose_scoring.cpp in setApplication() line 259

sprintf(buf,"%*s %*s rho/[g/cm**3]\n",max_medl/2,"medium",max_medl/2," ");

for material names longer then 16 chars. Please increase buffer size at line 135 char buf[32]; to something greater eg 512bytes as in egs_phsp_scoring.cpp or allocate buffer dynamically . Same maybe for beam_dose_scoring.cpp. In egsnrc from development branch.

Jun 11 '21 13:06 karnigen

Or at the very least use snprintf!

Jun 11 '21 15:06 ftessier

All occurrence of sprintf(buf,...) and vsprintf(buf,...) in egs, egs++ should be replaced by snprintf(buf, sizeof(buf),...) or vsnprintf(buf, sizeof(buf),...) to prevent unintended wrong memory access. And some buffer sizes should be increased.

Jun 15 '21 09:06 karnigen

EGSnrc EGSnrc copied to clipboard

buffer overflow in egs_dose_scoring.cpp

EGSnrc
EGSnrc copied to clipboard