Coverity SECURE_CODING - CID 12527 - src/option.cpp - in function: CompOption::stringToColor(std::basic_string<char, std::char_traits<char>, std::allocator<char>>, unsigned short *) - [VERY RISKY]. Using "sscanf" can cause a buffer overflow when done incorrectly. sscanf() assumes an arbitrarily large string, so callers must use correct precision specifiers or never use sscanf(). Use correct precision specifiers or do your own parsing.

Bug #1101491 reported by Product Strategy Coverity Bug Uploader
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---------|--------|------------|-------------|-----------|
| Compiz | Fix Released | Medium | Unassigned | |
| 0.9.9 | Won't Fix | Medium | Unassigned | |

Bug Description

This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https://wiki.ubuntu.com/CanonicalProductStrategy/Coverity
CID: 12527
Checker: SECURE_CODING
Category: No category available
CWE definition: http://cwe.mitre.org/data/definitions/676.html
File: /tmp/buildd/compiz-0.9.9~daily13.01.14/src/option.cpp
Function: CompOption::stringToColor(std::basic_string<char, std::char_traits<char>, std::allocator<char>>, unsigned short *)
Code snippet:

                              unsigned short *rgba)
    {
        int c[4];

        // CID 12527 - SECURE_CODING
        // [VERY RISKY]. Using "sscanf" can cause a buffer overflow when done
        // incorrectly. sscanf() assumes an arbitrarily large string, so callers
        // must use correct precision specifiers or never use sscanf(). Use
        // correct precision specifiers or do your own parsing.
        if (sscanf (color.c_str (), "#%2x%2x%2x%2x",
                    &c[0], &c[1], &c[2], &c[3]) == 4)
        {
            rgba[0] = c[0] << 8 | c[0];
            rgba[1] = c[1] << 8 | c[1];
            rgba[2] = c[2] << 8 | c[2];
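
The "do your own parsing" option named in the Coverity message, as an added example that is not Compiz code and not the fix that was released: a fixed-length parser for the "#RRGGBBAA" form that keeps the snippet's 8-bit to 16-bit expansion. It is stricter than the sscanf call, which ignores trailing characters and lets `%x` accept a sign. The names `hexDigit` and `parseColorStrict` and the sample strings are assumptions made for this illustration.

```cpp
// Added example, not Compiz code: strict "#RRGGBBAA" parsing without sscanf.
#include <cstddef>
#include <cstdio>
#include <string>

// Hypothetical helper: value of one hex digit, or -1 if ch is not one.
static int hexDigit(char ch)
{
    if (ch >= '0' && ch <= '9') return ch - '0';
    if (ch >= 'a' && ch <= 'f') return ch - 'a' + 10;
    if (ch >= 'A' && ch <= 'F') return ch - 'A' + 10;
    return -1;
}

// Hypothetical stand-in for the flagged parse. Accepts exactly '#' followed
// by eight hex digits; rgba is written only when the whole string is valid.
bool parseColorStrict(const std::string &color, unsigned short *rgba)
{
    if (color.size() != 9 || color[0] != '#')
        return false;

    unsigned short out[4];
    for (std::size_t i = 0; i < 4; ++i)
    {
        const int hi = hexDigit(color[1 + 2 * i]);
        const int lo = hexDigit(color[2 + 2 * i]);
        if (hi < 0 || lo < 0)
            return false;
        const unsigned value = static_cast<unsigned>(hi * 16 + lo);
        // Same 8-bit to 16-bit expansion as the snippet: 0xAB becomes 0xABAB.
        out[i] = static_cast<unsigned short>(value << 8 | value);
    }

    for (std::size_t i = 0; i < 4; ++i)
        rgba[i] = out[i];
    return true;
}

int main()
{
    // Constructed sample inputs: one valid colour and three malformed ones.
    const char *samples[] = { "#ff8000ff", "#ff8000", "#ff8000ffzz", "#-1-1-1-1" };
    for (std::size_t i = 0; i < 4; ++i)
    {
        unsigned short rgba[4] = { 0, 0, 0, 0 };
        const bool ok = parseColorStrict(samples[i], rgba);
        std::printf("%-12s %s\n", samples[i], ok ? "accepted" : "rejected");
    }
}
```
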

Product Strategy Coverity Bug Uploader (coverity-uploader) wrote : compiz-0.9.9: /tmp/buildd/compiz-0.9.9~daily13.01.14/src/option.cpp

Source file with Coverity annotations.

Changed in compiz:
importance: Undecided → Medium
MC Return (mc-return)
Changed in compiz:
milestone: none → 0.9.10.0
summary: - Coverity SECURE_CODING - CID 12527
+ Coverity SECURE_CODING - CID 12527 - src/option.cpp - in function:
+ CompOption::stringToColor(std::basic_string<char,
+ std::char_traits<char>, std::allocator<char>>, unsigned short *) - [VERY
+ RISKY]. Using "sscanf" can cause a buffer overflow when done
+ incorrectly. sscanf() assumes an arbitrarily large string, so callers
+ must use correct precision specifiers or never use sscanf(). Use correct
+ precision specifiers or do your own parsing.
Changed in compiz:
milestone: 0.9.10.0 → 0.9.10.2
MC Return (mc-return)
Changed in compiz:
milestone: 0.9.10.2 → 0.9.11.0
Stephen M. Webb (bregma)
Changed in compiz:
milestone: 0.9.11.0 → 0.9.12.1
status: New → Triaged
Stephen M. Webb (bregma)
Changed in compiz:
milestone: 0.9.12.1 → 0.9.12.2
sunshine (15055186205-u)
Changed in compiz:
status: Triaged → Fix Released