[6.40] Fix potential buffer overflow in TString#22280
Merged
bellenot merged 1 commit intoMay 13, 2026
Merged
Conversation
…#22228) As reported here: https://github.com/root-project/root/security/code-scanning/1843 - Fixes root-project#22218 - Fixes https://github.com/root-project/root/security/code-scanning/1843 TString::FormImp used a heuristic buffer size and passed an assumed length to vsnprintf, which static analyzers could not prove matched the actual allocated buffer. In addition, the same va_list was reused across multiple vsnprintf calls, resulting in undefined behavior on some platforms. The implementation was rewritten to use a two‑pass vsnprintf approach: the first pass computes the exact required length, and Clobber() is used to allocate sufficient space including the null terminator. A second pass formats the string into the allocated buffer using a fresh va_list copy. This change: - Guarantees that the size passed to vsnprintf matches the allocated buffer - Eliminates undefined behavior from va_list reuse - Removes heuristic resizing loops - Silences static analysis warnings for legitimate reasons - Preserves existing TString semantics and limits (cherry picked from commit e217071)
Test Results 22 files 22 suites 3d 10h 32m 16s ⏱️ For more details on these failures, see this check. Results for commit 413931c. |
bellenot
merged commit bc65ef9
into
root-project:v6-40-00-patches
31 of 33 checks passed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backport of #22228, requested by @bellenot.