Coverity SECURE_CODING - CID 12515 - plugins/screenshot/src/screenshot.cpp - in function: shotFilter(const dirent *) - Using "sscanf" can cause a buffer overflow when done incorrectly. Use correct precision specifiers or do your own parsing.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Compiz |
Triaged
|
Medium
|
Unassigned | ||
0.9.9 |
Won't Fix
|
Medium
|
Unassigned |
Bug Description
This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https:/
CID: 12515
Checker: SECURE_CODING
Category: No category available
CWE definition: http://
File: /tmp/buildd/
Function: shotFilter(const dirent *)
Code snippet:
121 shotFilter (const struct dirent *d)
122 {
123 int number;
124
CID 12515 - SECURE_CODING
[VERY RISKY]. Using "sscanf" can cause a buffer overflow when done incorrectly. sscanf() assumes an arbitrarily large string, so callers must use correct precision specifiers or never use sscanf(). Use correct precision specifiers or do your own parsing.
125 if (sscanf (d->d_name, "screenshot%d.png", &number))
126 {
127 int nDigits = 0;
128
129 for (; number > 0; number /= 10)
130 nDigits++;
summary: |
- Coverity SECURE_CODING - CID 12515 + Coverity SECURE_CODING - CID 12515 - + plugins/screenshot/src/screenshot.cpp - in function: shotFilter(const + dirent *) - Using "sscanf" can cause a buffer overflow when done + incorrectly. Use correct precision specifiers or do your own parsing. |
Changed in compiz: | |
milestone: | none → 0.9.10.0 |
Changed in compiz: | |
milestone: | 0.9.10.0 → 0.9.10.2 |
Changed in compiz: | |
milestone: | 0.9.10.2 → 0.9.11.0 |
Changed in compiz: | |
status: | New → Triaged |
milestone: | 0.9.11.0 → 0.9.12.1 |
Changed in compiz: | |
milestone: | 0.9.12.1 → 0.9.12.2 |
Source file with Coverity annotations.