Compiz

Coverity SECURE_CODING - CID 12526 - src/action.cpp - in function: CompAction::ButtonBinding::fromString(...) - Using "sscanf" can cause a buffer overflow when done incorrectly. Use correct precision specifiers or do your own parsing.

Bug #1101384 reported by Product Strategy Coverity Bug Uploader
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Compiz
Triaged
Medium
Unassigned
Compiz 0.9.12.2
0.9.9
Won't Fix
Medium
Unassigned

Bug Description

This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https://wiki.ubuntu.com/CanonicalProductStrategy/Coverity
CID: 12526
Checker: SECURE_CODING
Category: No category available
CWE definition: http://cwe.mitre.org/data/definitions/676.html
File: /tmp/buildd/compiz-0.9.9~daily13.01.14/src/action.cpp
Function: CompAction::ButtonBinding::fromString(const std::basic_string<char, std::char_traits<char>, std::allocator<char>>&)
Code snippet:
289 if (start != str.size () && str.compare (start, 6, "Button") == 0)
290 {
291 int buttonNum;
292
CID 12526 - SECURE_CODING
[VERY RISKY]. Using "sscanf" can cause a buffer overflow when done incorrectly. sscanf() assumes an arbitrarily large string, so callers must use correct precision specifiers or never use sscanf(). Use correct precision specifiers or do your own parsing.
293 if (sscanf (str.substr (start + 6).c_str (), "%d", &buttonNum) == 1)
294 {
295 mButton = buttonNum;
296 mModifiers = mods;
297
298 return true;

Revision history for this message
Product Strategy Coverity Bug Uploader (coverity-uploader) wrote : compiz-0.9.9: /tmp/buildd/compiz-0.9.9~daily13.01.14/src/action.cpp

Source file with Coverity annotations.

Changed in compiz:
importance: Undecided → Medium
MC Return (mc-return)
summary: - Coverity SECURE_CODING - CID 12526
+ Coverity SECURE_CODING - CID 12526 - src/action.cpp - in function:
+ CompAction::ButtonBinding::fromString(...) - Using "sscanf" can cause a
+ buffer overflow when done incorrectly. Use correct precision specifiers
+ or do your own parsing.
Changed in compiz:
milestone: none → 0.9.10.0
MC Return (mc-return)
Changed in compiz:
milestone: 0.9.10.0 → 0.9.11.0
Stephen M. Webb (bregma)
Changed in compiz:
status: New → Triaged
milestone: 0.9.11.0 → 0.9.12.1
Stephen M. Webb (bregma)
Changed in compiz:
milestone: 0.9.12.1 → 0.9.12.2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.