Coverity SECURE_CODING - CID 12505 - compizconfig/libcompizconfig/src/compiz.cpp - in function: loadPluginsFromName(_CCSContext *, char *) - [VERY RISKY]. Using "sscanf" can cause a buffer overflow when done incorrectly. sscanf() assumes an arbitrarily large string, so callers must use correct precision specifiers or never use sscanf(). Use correct precision specifiers or do your own parsing.
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Compiz | Triaged | Medium | Unassigned | |
0.9.9 | Won't Fix | Medium | Unassigned | |
Bug Description
This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https:/
CID: 12505
Checker: SECURE_CODING
Category: No category available
CWE definition: http://
File: /tmp/buildd/
Function: loadPluginsFrom
Code snippet:
3031
3032 for (int i = 0; i < nFile; i++)
3033 {
3034 char name[1024];
CID 12505 - SECURE_CODING
[VERY RISKY]. Using "sscanf" can cause a buffer overflow when done incorrectly. sscanf() assumes an arbitrarily large string, so callers must use correct precision specifiers or never use sscanf(). Use correct precision specifiers or do your own parsing.
3035 sscanf (nameList[
3036 if (strlen (name) > 3)
3037 name[strlen (name) - 3] = 0;
3038 free (nameList[i]);
3039 addPluginNamed (context, name);
3040 }
summary:
- Coverity SECURE_CODING - CID 12505
+ Coverity SECURE_CODING - CID 12505 - compizconfig/libcompizconfig/src/compiz.cpp - in function: loadPluginsFromName(_CCSContext *, char *) - [VERY RISKY]. Using "sscanf" can cause a buffer overflow when done incorrectly. sscanf() assumes an arbitrarily large string, so callers must use correct precision specifiers or never use sscanf(). Use correct precision specifiers or do your own parsing.
Changed in compiz:
milestone: none → 0.9.10.0
Changed in compiz:
milestone: 0.9.10.0 → 0.9.10.2
Changed in compiz:
milestone: 0.9.10.2 → 0.9.11.0
Changed in compiz:
status: New → Triaged
milestone: 0.9.11.0 → 0.9.12.1
Changed in compiz:
milestone: 0.9.12.1 → 0.9.12.2
Source file with Coverity annotations.