Skip to content

[All] Security: unsafe string operations #5902

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
fredroy wants to merge 15 commits into
base: master
Choose a base branch
from
Open

[All] Security: unsafe string operations #5902

fredroy wants to merge 15 commits into from

Conversation

@fredroy
Copy link
Contributor

@fredroy fredroy commented Jan 29, 2026
edited
Loading

unhandled exception from different string calls and replace unsafe calls of string functions

[with-all-tests]

By submitting this pull request, I acknowledge that
I have read, understand, and agree SOFA Developer Certificate of Origin (DCO).

Reviewers will merge this pull-request only if

  • it builds with SUCCESS for all platforms on the CI.
  • it does not generate new warnings.
  • it does not generate new unit test failures.
  • it does not generate new scene test failures.
  • it does not break API compatibility.
  • it is more than 1 week old (or has fast-merge label).

@fredroy fredroy added pr: fix Fix a bug pr: status to review To notify reviewers to review this pull-request pr: ai-generated Label notifying the reviewers that part or all of the PR has been generated with the help of an AI labels Jan 29, 2026
@fredroy fredroy force-pushed the fix_vulnerabilities_string branch from 0c9de53 to 8d9a23b Compare January 29, 2026 03:53
bakpaul
bakpaul requested changes Jan 30, 2026
View reviewed changes
Copy link
Contributor

@bakpaul bakpaul left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you are going to hate me...

@fredroy
Copy link
Contributor Author

fredroy commented Feb 2, 2026

I think you are going to hate me...

yes 😾

@fredroy fredroy force-pushed the fix_vulnerabilities_string branch 3 times, most recently from ac9f49c to 77923a7 Compare February 2, 2026 23:14
bakpaul
bakpaul approved these changes Feb 3, 2026
View reviewed changes
Copy link
Contributor

@bakpaul bakpaul left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Still one unit test failing,; except this, this PR seems fine by me

fredroy added 15 commits February 4, 2026 08:36
@fredroy
fix unhandled std::stoi exception
f601ea8
@fredroy
fix undefined behavior with empty string
dea2e2a
@fredroy
fix unhandled std::sto* exception
32ef174
@fredroy
fix unhandled std::stoul exception
d37af8c
@fredroy
fix unhandled std::stof exception parsing config file
b71a641
@fredroy
fix Unhandled std::stoi exception on invalid input
4b32ab9
@fredroy
Replace atoi/atof with strtol/strtod with error checking to properly …
0eb5bfa 
…handle invalid input and overflow conditions in string-to-number conversions
@fredroy
Replace unsafe strcpy/strcat with strncpy/strncat and add null termin…
ff27cf5 
…ation
@fredroy
replace strcpy with memcpy
e127cb5
@fredroy
sprintf calls are now replaced with bounds-checked snprintf calls tha…
9d6d847 
…t prevent buffer overflows
@fredroy
add else clause in case it is too long
6dea53b
@fredroy
apply suggestion (string buffer copy)
e6f393c
@fredroy
add a new file to harden code, and factorize string to integer/scalar…
dc36d97 
… conversion
@fredroy
use stl for limits
1e50a35
@fredroy
fix unit test by moving condition (still fixing the UB)
0114992
@fredroy fredroy force-pushed the fix_vulnerabilities_string branch from 77923a7 to 0114992 Compare February 3, 2026 23:36
@fredroy
Copy link
Contributor Author

fredroy commented Feb 4, 2026

[ci-build][with-all-tests]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bakpaul bakpaul bakpaul approved these changes

Assignees

No one assigned

Labels

pr: ai-generated Label notifying the reviewers that part or all of the PR has been generated with the help of an AI pr: fix Fix a bug pr: status to review To notify reviewers to review this pull-request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@fredroy @bakpaul