Coverity SECURE_CODING - CID 10860
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Application Menu Indicator | Fix Released | Low | Charles Kerr |
0.4 | Fix Released | Low | Charles Kerr |
Bug Description
This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https:/
CID: 10860
Checker: SECURE_CODING
Category: No category available
CWE definition: http://
File: /tmp/buildd/
Function: hud_string_
Code snippet:
117 headlen = strlen (head);
118
119 list = g_malloc (G_STRUCT_OFFSET (HudStringList, head) + headlen + 1);
120 list->tail = hud_string_list_ref (tail);
CID 10860 - SECURE_CODING
[VERY RISKY]. Using "strcpy" can cause a buffer overflow when done incorrectly. If the destination string of a strcpy() is not large enough then anything might happen. Use strncpy() instead.
121 strcpy (list->head, head);
122 list->ref_count = 1;
123
124 return list;
125 }
126
Related branches
- Conor Curran (community): Approve
  Diff: 10 lines (+1/-0), 1 file modified: src/hudstringlist.c (+1/-0)
- Ken VanDine: Pending requested
  Diff: 1560 lines (+613/-245), 32 files modified:
ChangeLog (+255/-0)
Makefile.am (+1/-35)
Makefile.am.coverage (+48/-0)
Makefile.in (+45/-39)
configure (+106/-68)
configure.ac (+4/-1)
data/Makefile.in (+5/-11)
debian/changelog (+19/-1)
debian/control (+4/-0)
docs/devel/html/HudAppMenuRegistrar.html (+1/-1)
docs/devel/html/HudDbusmenuCollector.html (+3/-3)
docs/devel/html/HudResult.html (+4/-4)
docs/devel/html/HudSource.html (+7/-7)
docs/devel/html/ch01.html (+1/-1)
docs/devel/html/ch02.html (+1/-1)
docs/devel/html/ch03.html (+1/-1)
docs/devel/html/ch04.html (+1/-1)
docs/devel/html/ch05.html (+1/-1)
docs/devel/html/hud-HudSettings.html (+2/-20)
docs/man/hud-cli.1 (+2/-2)
docs/man/hud-dump-application.1 (+2/-2)
docs/man/hud-list-applications.1 (+2/-2)
docs/man/hud-verify-app-info.1 (+2/-2)
m4/gcov.m4 (+13/-10)
src/Makefile.in (+18/-18)
src/hudquery.c (+1/-1)
src/hudtoken.c (+6/-0)
src/hudtoken.h (+1/-0)
src/indicator-appmenu.c (+2/-0)
tests/Makefile.in (+53/-11)
tests/test-dbus-message-count.in (+1/-1)
tools-vala/hud-gtk.c (+1/-1)
Source file with Coverity annotations.