From 9e6af4f0e29d7e183f7a623ff4ca9033c6bb9f9a Mon Sep 17 00:00:00 2001
From: Frank Winklmeier <frank.winklmeier@cern.ch>
Date: Thu, 15 Dec 2022 11:25:48 +0100
Subject: [PATCH] RegionSelector: cppcheck fix (invalidscanf)

Limit the maximum number of characters consumed in `sscanf` to avoid potential buffer overflow.
---
 .../RegionSelector/src/RegSelectorHashMap.cxx | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/DetectorDescription/RegionSelector/src/RegSelectorHashMap.cxx b/DetectorDescription/RegionSelector/src/RegSelectorHashMap.cxx
index 3be8aabb3ec0..07078c0ab6e4 100755
--- a/DetectorDescription/RegionSelector/src/RegSelectorHashMap.cxx
+++ b/DetectorDescription/RegionSelector/src/RegSelectorHashMap.cxx
@@ -1,5 +1,5 @@
 /*
- Copyright (C) 2002-2020 CERN for the benefit of the ATLAS collaboration
+ Copyright (C) 2002-2022 CERN for the benefit of the ATLAS collaboration
 */
 
 #include "RegionSelector/RegSelectorHashMap.h"
@@ -560,7 +560,8 @@ StatusCode RegSelectorHashMap::read(const char *filename){
 do{
 robId.clear();
 pch = strchr(buffer,' ');
- int test = sscanf(pch, " %u %d %d %lf %lf %lf %lf %s %s", &hashId, &layer, &samp, &emin, &emax, &pmin, &pmax, robIdStr, robIdStr2);
+ int test = sscanf(pch, " %u %d %d %lf %lf %lf %lf %11s %11s", // max 11 chars + null-byte
+ &hashId, &layer, &samp, &emin, &emax, &pmin, &pmax, robIdStr, robIdStr2);
 robId.push_back(strtol(robIdStr,nullptr,16));
 if ( test == 9 ) // this means that there are 2 ROBs in 1 TT
 robId.push_back(strtol(robIdStr2,nullptr,16));
-- 
GitLab
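Review bot: In the second hunk the `%11s` widths stop the overflow, but the result of `sscanf` is still not validated before use: `strtol(robIdStr,nullptr,16)` runs even when `test` is below 8, so a short or malformed line pushes whatever `robIdStr` held from an earlier iteration (or uninitialised bytes). The width also truncates silently, so a first ROB token longer than 11 characters spills into the second `%11s`, gives `test == 9` and records a spurious second ROB id; a guard such as `if (test < 8) { /* reject malformed line */ }` before the first `push_back` would close the first case and a length check on the token the second. `pch` is passed to `sscanf` without a null test, although `strchr` returns `nullptr` when `buffer` contains no space. The declarations of `robIdStr` and `robIdStr2` are outside the hunk, so the claim in the comment that they hold 12 bytes cannot be confirmed here; tying the width to the array size through a shared constant would keep the two from drifting apart.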