Coding - Dangerous use of 'cin' (#681)

- Replaced hardcoded buffer sizes with `constexpr size_t aBufferSize` constants
- Added `width()` calls to input streams before reading to prevent buffer overflows
- Applied consistent buffer size management across multiple input operations

diff --git a/src/DataExchange/TKXSBase/IFSelect/IFSelect_Functions.cxx b/src/DataExchange/TKXSBase/IFSelect/IFSelect_Functions.cxx
index da2e5d355303b865f32374c496f1e589809d5474..9b7d8eb2bf23ff03ffe797438213577a269daf06 100644 (file)
--- a/src/DataExchange/TKXSBase/IFSelect/IFSelect_Functions.cxx
+++ b/src/DataExchange/TKXSBase/IFSelect/IFSelect_Functions.cxx
@@ -3038,8 +3038,10 @@ Standard_Integer IFSelect_Functions::GiveEntityNumber(const Handle(IFSelect_Work
   Standard_Integer num = 0;
   if (!name || name[0] == '\0')
   {
-    char ligne[80];
+    constexpr size_t aBufferSize = 80;
+    char             ligne[aBufferSize];
     ligne[0] = '\0';
+    std::cin.width(aBufferSize);
     std::cin >> ligne;
     //    std::cin.clear();  std::cin.getline (ligne,79);
     if (ligne[0] == '\0')

diff --git a/src/Draw/TKTopTest/GeometryTest/GeometryTest_ConstraintCommands.cxx b/src/Draw/TKTopTest/GeometryTest/GeometryTest_ConstraintCommands.cxx
index 40ccd00e6a5067ae7f85a5912629c9b65928f59d..534c9cf7679a984889dc25205501f1e60efc838b 100644 (file)
--- a/src/Draw/TKTopTest/GeometryTest/GeometryTest_ConstraintCommands.cxx
+++ b/src/Draw/TKTopTest/GeometryTest/GeometryTest_ConstraintCommands.cxx
@@ -554,7 +554,9 @@ static Standard_Integer interpol(Draw_Interpretor& di, Standard_Integer n, const
     Standard_Integer nbp, i;
     Standard_Real    x, y, z;
     iFile >> nbp;
-    char dimen[3];
+    constexpr size_t aBufferSize = 3;
+    char             dimen[aBufferSize];
+    iFile.width(aBufferSize);
     iFile >> dimen;
     if (!strcmp(dimen, "3d"))
     {

diff --git a/src/Draw/TKXSDRAWIGES/XSDRAWIGES/XSDRAWIGES.cxx b/src/Draw/TKXSDRAWIGES/XSDRAWIGES/XSDRAWIGES.cxx
index cbce082ae7798df409087dab485e1acd1a55ba1a..a9d0c2edea29cec80b0ad0cc87b12858f23e761f 100644 (file)
--- a/src/Draw/TKXSDRAWIGES/XSDRAWIGES/XSDRAWIGES.cxx
+++ b/src/Draw/TKXSDRAWIGES/XSDRAWIGES/XSDRAWIGES.cxx
@@ -91,8 +91,10 @@ static Standard_Integer GiveEntityNumber(const Handle(XSControl_WorkSession)& WS
   Standard_Integer num = 0;
   if (!name || name[0] == '\0')
   {
-    char ligne[80];
+    constexpr size_t aBufferSize = 80;
+    char             ligne[aBufferSize];
     ligne[0] = '\0';
+    std::cin.width(aBufferSize);
     std::cin >> ligne;
     //    std::cin.clear();  std::cin.getline (ligne,79);
     if (ligne[0] == '\0')
@@ -221,7 +223,9 @@ static Standard_Integer igesbrep(Draw_Interpretor& theDI,
       modepri = -1;
 
       // amv 26.09.2003 : this is used to avoid error of enter's symbol
-      char str[80];
+      constexpr size_t aBufferSize = 80;
+      char             str[aBufferSize];
+      std::cin.width(aBufferSize);
       std::cin >> str;
       modepri = Draw::Atoi(str);
     }
@@ -267,7 +271,9 @@ static Standard_Integer igesbrep(Draw_Interpretor& theDI,
                   << std::flush;
         answer = -1;
         // amv 26.09.2003
-        char str_a[80];
+        constexpr size_t aBufferSize = 80;
+        char             str_a[aBufferSize];
+        std::cin.width(aBufferSize);
         std::cin >> str_a;
         answer = Draw::Atoi(str_a);
       }
@@ -454,7 +460,9 @@ static Standard_Integer igesbrep(Draw_Interpretor& theDI,
                     << std::flush;
           answer = -1;
           // anv 26.09.2003
-          char str_answer[80];
+          constexpr size_t aBufferSize = 80;
+          char             str_answer[aBufferSize];
+          std::cin.width(aBufferSize);
           std::cin >> str_answer;
           answer = Draw::Atoi(str_answer);
         }