[IO] Fix potential buffer overflow #22161

Open
bellenot wants to merge 2 commits into root-project:master from bellenot:fix-security-code-scanning-1846

bellenot commented May 6, 2026

@bellenot bellenot requested a review from dpiparo May 6, 2026 13:59
@bellenot bellenot self-assigned this May 6, 2026
@bellenot bellenot requested a review from pcanal as a code owner May 6, 2026 13:59
Comment thread io/io/src/TFile.cxx Outdated
// if there is a symbolic link with '.ROOT.cachefile' for safety ;-)

TString cmd;
TString cmd(4096);
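
Review bot: on the added `TString cmd(4096);`, the size is a bare literal with nothing in the hunk saying what it has to match, so a later edit to this line or to the code that consumes `cmd` can silently put the two out of step. Give the size a named constant, use that constant wherever the buffer length is needed, and add a short comment stating whether 4096 is an upper bound on the text or a fixed record size. Since the constructor argument reserves capacity rather than setting the content length, the comment should also say whether anything is expected to read past the end of the text.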
Member

let's use a constant here and line 4413 to clarify that they must stay in sync.

Member

Actually ... the 'real' size is whatever the result of the 'Form' call is .... how does it relate to the 4096 (is 4096 an upper limit?)

Member Author

> let's use a constant here and line 4413 to clarify that they must stay in sync.

I agree, but if I use a constant, no need to clarify, it becomes obvious. Let's see...

Member Author

> Actually ... the 'real' size is whatever the result of the 'Form' call is .... how does it relate to the 4096 (is 4096 an upper limit?)

Ask the author 😉

Member Author

bellenot commented May 6, 2026

@pcanal so we could simply use:

 tagfile->WriteBuffer(cmd, cmd.Sizeof());
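
The sizing question raised in this thread, as an added example that is not ROOT code and not part of the pull request: `std::string` stands in for `TString`, and `kTagSize`, `sink_write`, `write_fixed` and `write_exact` are hypothetical names. It contrasts a fixed-size write, which has to bound-check and pad its source, with a write whose byte count comes from the string itself.

```cpp
#include <algorithm>
#include <cstddef>
#include <string>
#include <vector>

// Hypothetical fixed record size, playing the role of the literal 4096 in the thread.
constexpr std::size_t kTagSize = 4096;

// Stand-in for a sink that copies exactly `len` bytes starting at `src`
// (the shape of a WriteBuffer(ptr, len) call). The caller must own `len` bytes.
std::vector<char> sink_write(const char *src, std::size_t len)
{
   return std::vector<char>(src, src + len);
}

// Fixed-size write: the source has to own at least kTagSize bytes, so the text
// is first copied into a zero-filled buffer of that size. Text that does not
// fit (leaving room for the terminator) is rejected instead of truncated.
bool write_fixed(const std::string &cmd, std::vector<char> &out)
{
   if (cmd.size() >= kTagSize)
      return false;
   std::vector<char> padded(kTagSize, '\0');
   std::copy(cmd.begin(), cmd.end(), padded.begin());
   out = sink_write(padded.data(), padded.size());
   return true;
}

// Length-derived write: the byte count is taken from the string itself
// (text plus terminator), so it cannot drift from the real size.
std::vector<char> write_exact(const std::string &cmd)
{
   return sink_write(cmd.c_str(), cmd.size() + 1);
}

int main()
{
   const std::string cmd = "constructed sample command"; // constructed input
   std::vector<char> fixed;
   const bool ok = write_fixed(cmd, fixed);
   const std::vector<char> exact = write_exact(cmd);
   return (ok && fixed.size() == kTagSize && exact.size() == cmd.size() + 1) ? 0 : 1;
}
```
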

github-actions Bot commented May 6, 2026

Test Results

    22 files      22 suites   3d 9h 31m 31s ⏱️
 3 847 tests  3 845 ✅ 0 💤 2 ❌
75 989 runs  75 987 ✅ 0 💤 2 ❌

For more details on these failures, see this check.

Results for commit 17f66a9.
