From: Pasukhin Dmitry Date: Sun, 17 Aug 2025 20:03:18 +0000 (+0100) Subject: Coding - Dangerous use of 'cin' (#681) X-Git-Url: http://git.dev.opencascade.org/gitweb/?a=commitdiff_plain;p=occt.git Coding - Dangerous use of 'cin' (#681) - Replaced hardcoded buffer sizes with `constexpr size_t aBufferSize` constants - Added `width()` calls to input streams before reading to prevent buffer overflows - Applied consistent buffer size management across multiple input operations
---
diff --git a/src/DataExchange/TKXSBase/IFSelect/IFSelect_Functions.cxx b/src/DataExchange/TKXSBase/IFSelect/IFSelect_Functions.cxx
index da2e5d3553..9b7d8eb2bf 100644
--- a/src/DataExchange/TKXSBase/IFSelect/IFSelect_Functions.cxx
+++ b/src/DataExchange/TKXSBase/IFSelect/IFSelect_Functions.cxx
@@ -3038,8 +3038,10 @@ Standard_Integer IFSelect_Functions::GiveEntityNumber(const Handle(IFSelect_Work
 Standard_Integer num = 0;
 if (!name || name[0] == '\0')
 {
- char ligne[80];
+ constexpr size_t aBufferSize = 80;
+ char ligne[aBufferSize];
 ligne[0] = '\0';
+ std::cin.width(aBufferSize);
 std::cin >> ligne;
 // std::cin.clear(); std::cin.getline (ligne,79);
 if (ligne[0] == '\0')
diff --git a/src/Draw/TKTopTest/GeometryTest/GeometryTest_ConstraintCommands.cxx b/src/Draw/TKTopTest/GeometryTest/GeometryTest_ConstraintCommands.cxx
index 40ccd00e6a..534c9cf767 100644
--- a/src/Draw/TKTopTest/GeometryTest/GeometryTest_ConstraintCommands.cxx
+++ b/src/Draw/TKTopTest/GeometryTest/GeometryTest_ConstraintCommands.cxx
@@ -554,7 +554,9 @@ static Standard_Integer interpol(Draw_Interpretor& di, Standard_Integer n, const
 Standard_Integer nbp, i;
 Standard_Real x, y, z;
 iFile >> nbp;
- char dimen[3];
+ constexpr size_t aBufferSize = 3;
+ char dimen[aBufferSize];
+ iFile.width(aBufferSize);
 iFile >> dimen;
 if (!strcmp(dimen, "3d"))
 {
diff --git a/src/Draw/TKXSDRAWIGES/XSDRAWIGES/XSDRAWIGES.cxx b/src/Draw/TKXSDRAWIGES/XSDRAWIGES/XSDRAWIGES.cxx
index cbce082ae7..a9d0c2edea 100644
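Review bot: The added `std::cin.width(aBufferSize);` in IFSelect_Functions::GiveEntityNumber carries no comment explaining why it must sit directly before the extraction, and the commented-out line below it still shows the literal `79`, which no longer tracks `aBufferSize`. I would add `// width() counts the terminating NUL and is reset to 0 by operator>>, so set it before every read into ligne` above the call, so that a later edit does not move or drop it. A token longer than 79 characters is now cut and its tail stays in std::cin for the next read; whether that matters depends on the code after this hunk, which is not visible here. The identical GiveEntityNumber hunk in XSDRAWIGES.cxx would take the same comment.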
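Review bot: `dimen` in interpol is still uninitialised if `iFile >> dimen` stores nothing, so the following `strcmp(dimen, "3d")` can read indeterminate bytes; the new width() call bounds the write but not that read. The extraction is not guaranteed to write a terminator when the stream is already in a failed state or at end of file, for instance after `iFile >> nbp` fails on a malformed input file. Zero-initialise the buffer and test the read: `char dimen[aBufferSize] = {};` and `if (!(iFile >> dimen)) { /* report and return */ }`. The same applies to `str`, `str_a` and `str_answer` in the three igesbrep hunks of XSDRAWIGES.cxx, which are passed straight to `Draw::Atoi`; the GiveEntityNumber hunks already set `ligne[0] = '\0'` before reading. The body of interpol continues outside this hunk.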
--- a/src/Draw/TKXSDRAWIGES/XSDRAWIGES/XSDRAWIGES.cxx +++ b/src/Draw/TKXSDRAWIGES/XSDRAWIGES/XSDRAWIGES.cxx @@ -91,8 +91,10 @@ static Standard_Integer GiveEntityNumber(const Handle(XSControl_WorkSession)& WS Standard_Integer num = 0; if (!name || name[0] == '\0') { - char ligne[80]; + constexpr size_t aBufferSize = 80; + char ligne[aBufferSize]; ligne[0] = '\0'; + std::cin.width(aBufferSize); std::cin >> ligne; // std::cin.clear(); std::cin.getline (ligne,79); if (ligne[0] == '\0') @@ -221,7 +223,9 @@ static Standard_Integer igesbrep(Draw_Interpretor& theDI, modepri = -1; // amv 26.09.2003 : this is used to avoid error of enter's symbol - char str[80]; + constexpr size_t aBufferSize = 80; + char str[aBufferSize]; + std::cin.width(aBufferSize); std::cin >> str; modepri = Draw::Atoi(str); } @@ -267,7 +271,9 @@ static Standard_Integer igesbrep(Draw_Interpretor& theDI, << std::flush; answer = -1; // amv 26.09.2003 - char str_a[80]; + constexpr size_t aBufferSize = 80; + char str_a[aBufferSize]; + std::cin.width(aBufferSize); std::cin >> str_a; answer = Draw::Atoi(str_a); } @@ -454,7 +460,9 @@ static Standard_Integer igesbrep(Draw_Interpretor& theDI, << std::flush; answer = -1; // anv 26.09.2003 - char str_answer[80]; + constexpr size_t aBufferSize = 80; + char str_answer[aBufferSize]; + std::cin.width(aBufferSize); std::cin >> str_answer; answer = Draw::Atoi(str_answer); }
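Review bot: The three igesbrep hunks repeat the same four lines with a block-local `aBufferSize`, differing only in the buffer name (`str`, `str_a`, `str_answer`), so the bound and the array can drift apart in a later edit. A single file-local helper would keep the size, the width() call and the `Draw::Atoi` conversion in one place, and each call site becomes one line such as `modepri = readAnswer(-1);`. It is also the one place to decide what a failed read from std::cin returns. Most of igesbrep lies outside these hunks, so the helper name and the fallback value below are suggestions to adapt.

```cpp
// Reads one whitespace-delimited token from std::cin and converts it with Draw::Atoi.
// Returns theFallback when nothing could be read.
static Standard_Integer readAnswer(const Standard_Integer theFallback)
{
  constexpr size_t aBufferSize = 80;
  char             aBuffer[aBufferSize] = {};
  std::cin.width(aBufferSize); // at most aBufferSize - 1 characters plus the terminator
  if (!(std::cin >> aBuffer))
  {
    return theFallback;
  }
  return Draw::Atoi(aBuffer);
}

// … unchanged: prompt output in igesbrep …
modepri = readAnswer(-1);
```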