Coverity SECURE_CODING - CID 12527 - src/option.cpp - in function: CompOption::stringToColor(std::basic_string<char, std::char_traits<char>, std::allocator<char>>, unsigned short *) - [VERY RISKY]. Using "sscanf" can cause a buffer overflow when done incorrectly. sscanf() assumes an arbitrarily large string, so callers must use correct precision specifiers or never use sscanf(). Use correct precision specifiers or do your own parsing.
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Compiz | Fix Released | Medium | Unassigned |
0.9.9 | Won't Fix | Medium | Unassigned |
Bug Description
This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https:/
CID: 12527
Checker: SECURE_CODING
Category: No category available
CWE definition: http://
File: /tmp/buildd/
Function: CompOption:
Code snippet:
657 unsigned short *rgba)
658 {
659 int c[4];
660
CID 12527 - SECURE_CODING
[VERY RISKY]. Using "sscanf" can cause a buffer overflow when done incorrectly. sscanf() assumes an arbitrarily large string, so callers must use correct precision specifiers or never use sscanf(). Use correct precision specifiers or do your own parsing.
661 if (sscanf (color.c_str (), "#%2x%2x%2x%2x",
662 &c[0], &c[1], &c[2], &c[3]) == 4)
663 {
664 rgba[0] = c[0] << 8 | c[0];
665 rgba[1] = c[1] << 8 | c[1];
666 rgba[2] = c[2] << 8 | c[2];
Changed in compiz: | |
milestone: | none → 0.9.10.0 |
summary: |
- Coverity SECURE_CODING - CID 12527 + Coverity SECURE_CODING - CID 12527 - src/option.cpp - in function: + CompOption::stringToColor(std::basic_string<char, + std::char_traits<char>, std::allocator<char>>, unsigned short *) - [VERY + RISKY]. Using "sscanf" can cause a buffer overflow when done + incorrectly. sscanf() assumes an arbitrarily large string, so callers + must use correct precision specifiers or never use sscanf(). Use correct + precision specifiers or do your own parsing. |
Changed in compiz: | |
milestone: | 0.9.10.0 → 0.9.10.2 |
Changed in compiz: | |
milestone: | 0.9.10.2 → 0.9.11.0 |
Changed in compiz: | |
milestone: | 0.9.11.0 → 0.9.12.1 |
status: | New → Triaged |
Changed in compiz: | |
milestone: | 0.9.12.1 → 0.9.12.2 |
Changed in compiz: | |
status: | Triaged → Fix Released |
Source file with Coverity annotations.