Replace unsafe sprintf() in NSWL1Simulation::initialize() (!40420) · Merge requests · atlas / athena

Yuval Zach requested to merge yzach/athena:hotfix/unsafe-sprintf into 21.3 Feb 07, 2021

In NSWL1Simulation::initialize(), two calls are made to sprintf into a stack-allocated array. The format string is unbounded, meaning a name() longer than 36 characters (extremely unlikely) will result in a stack buffer overflow.

This replaces the sprintf and char arrays with C++ strings.

Replace unsafe sprintf() in NSWL1Simulation::initialize()

Merge request reports