Coverity TAINTED_STRING - CID 12543 - src/main.cpp - function: main - Assigning: "programName" = "argv[0]". Both are now tainted. Assigning: "programArgv" = "argv". Both are now tainted. Later: Passing tainted string "programName" to "execvp(char const *, char * const *)", which cannot accept tainted data and passing tainted string "*programArgv" to "execvp(char const *, char * const *)", which cannot accept tainted data.
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Compiz | Triaged | Low | Unassigned |
0.9.9 | Won't Fix | Low | Unassigned |

Bug Description
This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https:/
CID: 12543
Checker: TAINTED_STRING
Category: No category available
CWE definition: http://
File: /tmp/buildd/
Function: main
Code snippet:
```cpp
main (int argc, char **argv)
{
    CompManager manager;

    // CID 12543 - TAINTED_STRING
    // Assigning: "programName" = "argv[0]". Both are now tainted.
    programName = argv[0];
    programArgc = argc;
    // CID 12543 - TAINTED_STRING
    // Assigning: "programArgv" = "argv". Both are now tainted.
    programArgv = argv;

    detectCompizBinPath (argv);
```

summary:
- Coverity TAINTED_STRING - CID 12543
+ Coverity TAINTED_STRING - CID 12543 - src/main.cpp - function: main - Assigning: "programName" = "argv[0]". Both are now tainted. Assigning: "programArgv" = "argv". Both are now tainted. Later: Passing tainted string "programName" to "execvp(char const *, char * const *)", which cannot accept tainted data and passing tainted string "*programArgv" to "execvp(char const *, char * const *)", which cannot accept tainted data.

Changed in compiz:
milestone: none → 0.9.10.0

Changed in compiz:
milestone: 0.9.10.0 → 0.9.10.2

Changed in compiz:
milestone: 0.9.10.2 → 0.9.11.0

Changed in compiz:
milestone: 0.9.11.0 → 0.9.12.1
status: New → Triaged

Changed in compiz:
milestone: 0.9.12.1 → 0.9.12.2

Source file with Coverity annotations.