Coverity SECURE_CODING - CID 12505 - compizconfig/libcompizconfig/src/compiz.cpp - in function: loadPluginsFromName(_CCSContext *, char *) - [VERY RISKY]. Using "sscanf" can cause a buffer overflow when done incorrectly. sscanf() assumes an arbitrarily large string, so callers must use correct precision specifiers or never use sscanf(). Use correct precision specifiers or do your own parsing.

Bug #1101583 reported by Product Strategy Coverity Bug Uploader
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Compiz
Triaged
Medium
Unassigned
0.9.9
Won't Fix
Medium
Unassigned

Bug Description

This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https://wiki.ubuntu.com/CanonicalProductStrategy/Coverity
CID: 12505
Checker: SECURE_CODING
Category: No category available
CWE definition: http://cwe.mitre.org/data/definitions/676.html
File: /tmp/buildd/compiz-0.9.9~daily13.01.14/compizconfig/libcompizconfig/src/compiz.cpp
Function: loadPluginsFromName(_CCSContext *, char *)
Code snippet:
3031
3032 for (int i = 0; i < nFile; i++)
3033 {
3034 char name[1024];
CID 12505 - SECURE_CODING
[VERY RISKY]. Using "sscanf" can cause a buffer overflow when done incorrectly. sscanf() assumes an arbitrarily large string, so callers must use correct precision specifiers or never use sscanf(). Use correct precision specifiers or do your own parsing.
3035 sscanf (nameList[i]->d_name, "lib%s", name);
3036 if (strlen (name) > 3)
3037 name[strlen (name) - 3] = 0;
3038 free (nameList[i]);
3039 addPluginNamed (context, name);
3040 }

Revision history for this message
Product Strategy Coverity Bug Uploader (coverity-uploader) wrote : compiz-0.9.9: /tmp/buildd/compiz-0.9.9~daily13.01.14/compizconfig/libcompizconfig/src/compiz.cpp

Source file with Coverity annotations.

Changed in compiz:
importance: Undecided → Medium
MC Return (mc-return)
summary: - Coverity SECURE_CODING - CID 12505
+ Coverity SECURE_CODING - CID 12505 -
+ compizconfig/libcompizconfig/src/compiz.cpp - in function:
+ loadPluginsFromName(_CCSContext *, char *) - [VERY RISKY]. Using
+ "sscanf" can cause a buffer overflow when done incorrectly. sscanf()
+ assumes an arbitrarily large string, so callers must use correct
+ precision specifiers or never use sscanf(). Use correct precision
+ specifiers or do your own parsing.
Changed in compiz:
milestone: none → 0.9.10.0
Changed in compiz:
milestone: 0.9.10.0 → 0.9.10.2
MC Return (mc-return)
Changed in compiz:
milestone: 0.9.10.2 → 0.9.11.0
Stephen M. Webb (bregma)
Changed in compiz:
status: New → Triaged
milestone: 0.9.11.0 → 0.9.12.1
Stephen M. Webb (bregma)
Changed in compiz:
milestone: 0.9.12.1 → 0.9.12.2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.