Coverity SECURE_CODING - CID 12509 - plugins/animation/src/options.cpp - in function: PrivateAnimScreen::updateOptionSet(OptionSet *, const char *) - [VERY RISKY]. Using "sscanf" can cause a buffer overflow when done incorrectly. sscanf() assumes an arbitrarily large string, so callers must use correct precision specifiers or never use sscanf(). Use correct precision specifiers or do your own parsing.
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Compiz | Triaged | Medium | Unassigned |
0.9.9 | Won't Fix | Medium | Unassigned |
Bug Description
This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https:/
CID: 12509
Checker: SECURE_CODING
Category: No category available
CWE definition: http://
File: /tmp/buildd/
Function: PrivateAnimScre
Code snippet:
130 unsigned int len = strlen (optNamesValues
131 char *optNamesValues = (char *)calloc (len + 1, 1);
132
133 // Find the first substring with no spaces in it
CID 12509 - SECURE_CODING
[VERY RISKY]. Using "sscanf" can cause a buffer overflow when done incorrectly. sscanf() assumes an arbitrarily large string, so callers must use correct precision specifiers or never use sscanf(). Use correct precision specifiers or do your own parsing.
134 sscanf (optNamesValues
135 if (!strlen (optNamesValues))
136 {
137 free (optNamesValues);
138 return;
139 }
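The two remedies the Coverity message names (a width on `%s`, or doing your own parsing), as an added example that is not the Compiz code or its fix. `first_token` and `first_token_sscanf` are hypothetical helper names, and the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Compiz code): copy the first whitespace-free token
 * of src into dst, whose capacity dst_size includes the NUL. Parses by hand.
 * Returns the token length, 0 if src is blank, -1 if the token does not fit. */
static int first_token(const char *src, char *dst, size_t dst_size)
{
    static const char ws[] = " \t\n\v\f\r";
    size_t n;

    if (dst_size == 0)
        return -1;
    dst[0] = '\0';
    src += strspn(src, ws);     /* skip leading whitespace */
    n = strcspn(src, ws);       /* length up to the next whitespace or NUL */
    if (n >= dst_size)
        return -1;              /* refuse instead of overflowing or truncating */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return (int)n;
}

/* Same job with sscanf, but "%s" carries an explicit width of dst_size - 1, so
 * at most dst_size bytes are written. A longer token is silently truncated. */
static int first_token_sscanf(const char *src, char *dst, size_t dst_size)
{
    char fmt[32];

    if (dst_size < 2)           /* a scanf field width must be at least 1 */
        return -1;
    dst[0] = '\0';
    snprintf(fmt, sizeof fmt, " %%%zus", dst_size - 1);
    if (sscanf(src, fmt, dst) != 1)
        return 0;               /* empty or all-whitespace input */
    return (int)strlen(dst);
}

int main(void)
{
    char buf[8];                /* constructed sample inputs below */
    int n = first_token("  fade  zoom", buf, sizeof buf);
    printf("%d \"%s\"\n", n, buf);
    n = first_token("averyverylongtoken x", buf, sizeof buf);
    printf("%d \"%s\"\n", n, buf);
    n = first_token_sscanf("averyverylongtoken x", buf, sizeof buf);
    printf("%d \"%s\"\n", n, buf);
    return 0;
}
```

The hand-written parser reports an oversized token as an error, while the width-limited `sscanf` keeps only the first `dst_size - 1` characters, so the caller has to decide which behaviour is acceptable.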
Changed in compiz:
milestone: none → 0.9.10.0
summary:
- Coverity SECURE_CODING - CID 12509
+ Coverity SECURE_CODING - CID 12509 - plugins/animation/src/options.cpp -
+ in function: PrivateAnimScreen::updateOptionSet(OptionSet *, const char
+ *) - [VERY RISKY]. Using "sscanf" can cause a buffer overflow when done
+ incorrectly. sscanf() assumes an arbitrarily large string, so callers
+ must use correct precision specifiers or never use sscanf(). Use correct
+ precision specifiers or do your own parsing.
Changed in compiz:
milestone: 0.9.10.0 → 0.9.10.2
Changed in compiz:
milestone: 0.9.10.2 → 0.9.11.0
Changed in compiz:
status: New → Triaged
milestone: 0.9.11.0 → 0.9.12.1
Changed in compiz:
milestone: 0.9.12.1 → 0.9.12.2
Source file with Coverity annotations.