[BUG] Buffer overflow in sf_putints, sf_putfloats (And suggestions)

:bug:  Bug report

**Programs (e.g. sflpef, sfhpef) that uses sf_putints and sf_putfloats may occur buffer overflow.**

In (current version) api/c/file.c, Lines 998, 1000, 1037, 1039:

(L998 as example:)
```c
// v defined as char val[1024], *v=val
// Some iterations of i
/* L998 */ v += snprintf(v,1024,"%g,",par[i]);
```
the pointer v moves forwards when iteration goes on, while the length of snprintf always being 1024, this could lead to buffer overlow.


**To Reproduce**

Steps to reproduce the behavior:
1. Use some programs that employs sf_putints (or sf_putfloats)
2. It happens.


**Screenshots**
Before debugging:
![Image](https://github.com/user-attachments/assets/d71fa860-4da6-4973-aa30-808b27c8f66e)

Debugging:

![Image](https://github.com/user-attachments/assets/e9690210-d16c-4c9f-b5dd-1bed4ec65b7d)

**Desktop (please complete the following information):**

- OS: Ubuntu 24.04.02 LTS
 - GCC Version: (Ubuntu 13.3.0-6ubuntu2~24.04) 13.3.0

**Suggestions**

Use a smaller length in snprintf, like:
```c
// Some iterations of i
v+=snprintf(v,1023-i*11,"%g,",par[i]);
//...
snprintf(v,1023-n*11,"%d",par[n-1]);
// I use 11 because maxlen 2147483647 = 10 digits plus 1 char ','
// Actually maybe some const value like 20 is ok.
// Or if the list is overlength, use a dynamic char array.
```



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[BUG] Buffer overflow in sf_putints, sf_putfloats (And suggestions) #315

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[BUG] Buffer overflow in sf_putints, sf_putfloats (And suggestions) #315

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions