Problem 564 - Buffer overflow with long file names in G4eIonisationParameters
Summary: Buffer overflow with long file names in G4eIonisationParameters
Status: RESOLVED FIXED
Alias: None
Product: Geant4
Classification: Unclassified
Component: processes/electromagnetic/lowenergy (show other problems)
Version: other
Hardware: PC Linux
: P2 critical
Assignee: Vladimir.Ivantchenko
URL:
Depends on:
Blocks:
 
Reported: 2004-01-16 01:18 CET by azoglauer
Modified: 2004-02-17 06:57 CET (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this problem.
Description azoglauer 2004-01-16 01:18:16 CET 
This applies to Geant4 release 6.0 and probably all platforms and OSes.

In G4eIonisationParameters.cc the following code limits the file length of the
G4LEDATA (ionisation part) to 100 characters:

l. 188 ff:

    char nameChar[100] = {""};
    std::ostrstream ost(nameChar, 100, std::ios::out);
    ost << pathString << Z << ".dat";
    G4String name(nameChar);

I have no idea why the ostrstream has been initialized with a char array.
If this is important one should increase the character size to at least 1000:

    char nameChar[1000] = {""};
    std::ostrstream ost(nameChar, 1000, std::ios::out);

If there has been no good reason to initialize the ostrstream with an array, a
nicer alternative would be:

    std::ostrstream ost;
    ost << pathString << Z << ".dat";
    G4String name(nameChar);

I have tested both version successfully on debian linux.

Let me know, when the problem is fixed.

Andreas Zoglauer
Comment 1 Vladimir.Ivantchenko 2004-02-17 04:30:59 CET 
Andreas is absolutly right. Bug is fixed will be in the reference versions
Comment 2 Vladimir.Ivantchenko 2004-02-17 06:57:59 CET 
Fixed