PR# 19969 Potential buffer overflow in EiffelVision GTK binding

Problem Report Summary

Submitter: gobobe

Category: EiffelVision

Priority: Low

Date: 2026/01/05

Class: Bug

Severity: Non-critical

Number: 19969

Release: 25.02.9.8732

Confidential: No

Status: Closed

Responsible:

Environment: win

Synopsis: Potential buffer overflow in EiffelVision GTK binding

Description

When compiling the C code for the GTK binding with gcc, it complains about potential buffer overflow in ev_c_util.c:

```c
			if ( strlen (log_domain) + strlen (level) > 999 )
				sprintf (buf, "%s-%s\n", log_domain, level);
			else
				sprintf (buf, "GTK-%s\n", level);
```

The two lines should be inverted, and a "+1" should be added for the hyphen.
Here is a reorganization of the nested if-statements:

```c
		if ( strlen (log_domain) + strlen (level) + strlen (message) + 2 < 1000 )
			sprintf (buf, "%s-%s %s", log_domain, level, message);
		else if ( strlen (log_domain) + strlen (level) + 1 < 1000 )
			sprintf (buf, "%s-%s\n", log_domain, level);
		else
			sprintf (buf, "GTK-%s\n", level);
```

--
Eric Bezault

To Reproduce

Problem Report Interactions

From:jfiat_es Date:2026/01/06 Status: Closed Download

Applied
see https://github.com/EiffelSoftware/es-libraries/commit/c4d4def6f4182f1707e39be03627c5fef1c7b9cb

From:gobobe Date:2026/01/05 Status: Open Download

See https://github.com/EiffelSoftware/es-libraries/pull/5