|
if (ReadConsole(GetStdHandle(STD_INPUT_HANDLE),str,DWORD(n-1),&ReadSize,NULL)==0) |
|
return false; |
|
str[ReadSize]=0; |
|
} |
|
#else |
|
if (fgetws(str,n,stdin)==NULL) |
|
ErrHandler.Exit(RARX_USERBREAK); // Avoid infinite Ask() loop. |
|
#endif |
|
RemoveLF(str); |
|
return true; |
|
} |
Filename: consio.cpp
Line: 311
CWE: 121 (Stack-based Buffer Overflow)
This call to fgetws() contains a buffer overflow. The source string has an allocated size of (unavailable) bytes, and the destination buffer is (unavailable) bytes. If an attacker can control the data written into the buffer, the overflow may result in execution of arbitrary code. Ensure that the destination buffer is of sufficient size, either by allocating it dynamically or by restricting the size of the source to a reasonable length. References: CWE OWASP Veracode/nDon't know how to fix this? Don't know why this was reported?
Get Assistance from Veracode
Sumatrapdf-cpp//ext/unrar/consio.cpp
Lines 306 to 316 in feca3c8
Filename: consio.cpp
Line: 311
CWE: 121 (Stack-based Buffer Overflow)
This call to fgetws() contains a buffer overflow. The source string has an allocated size of (unavailable) bytes, and the destination buffer is (unavailable) bytes. If an attacker can control the data written into the buffer, the overflow may result in execution of arbitrary code. Ensure that the destination buffer is of sufficient size, either by allocating it dynamically or by restricting the size of the source to a reasonable length. References: CWE OWASP Veracode/nDon't know how to fix this? Don't know why this was reported?
Get Assistance from Veracode