Coverity SECURE_CODING - CID 12515 - plugins/screenshot/src/screenshot.cpp - in function: shotFilter(const dirent *) - Using "sscanf" can cause a buffer overflow when done incorrectly. Use correct precision specifiers or do your own parsing.

Bug #1101451 reported by Product Strategy Coverity Bug Uploader
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Compiz
Triaged
Medium
Unassigned
0.9.9
Won't Fix
Medium
Unassigned

Bug Description

This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https://wiki.ubuntu.com/CanonicalProductStrategy/Coverity
CID: 12515
Checker: SECURE_CODING
Category: No category available
CWE definition: http://cwe.mitre.org/data/definitions/676.html
File: /tmp/buildd/compiz-0.9.9~daily13.01.14/plugins/screenshot/src/screenshot.cpp
Function: shotFilter(const dirent *)
Code snippet:
121 shotFilter (const struct dirent *d)
122 {
123 int number;
124
CID 12515 - SECURE_CODING
[VERY RISKY]. Using "sscanf" can cause a buffer overflow when done incorrectly. sscanf() assumes an arbitrarily large string, so callers must use correct precision specifiers or never use sscanf(). Use correct precision specifiers or do your own parsing.
125 if (sscanf (d->d_name, "screenshot%d.png", &number))
126 {
127 int nDigits = 0;
128
129 for (; number > 0; number /= 10)
130 nDigits++;

Revision history for this message
Product Strategy Coverity Bug Uploader (coverity-uploader) wrote : compiz-0.9.9: /tmp/buildd/compiz-0.9.9~daily13.01.14/plugins/screenshot/src/screenshot.cpp

Source file with Coverity annotations.

Changed in compiz:
importance: Undecided → Medium
MC Return (mc-return)
summary: - Coverity SECURE_CODING - CID 12515
+ Coverity SECURE_CODING - CID 12515 -
+ plugins/screenshot/src/screenshot.cpp - in function: shotFilter(const
+ dirent *) - Using "sscanf" can cause a buffer overflow when done
+ incorrectly. Use correct precision specifiers or do your own parsing.
Changed in compiz:
milestone: none → 0.9.10.0
Changed in compiz:
milestone: 0.9.10.0 → 0.9.10.2
MC Return (mc-return)
Changed in compiz:
milestone: 0.9.10.2 → 0.9.11.0
Stephen M. Webb (bregma)
Changed in compiz:
status: New → Triaged
milestone: 0.9.11.0 → 0.9.12.1
Stephen M. Webb (bregma)
Changed in compiz:
milestone: 0.9.12.1 → 0.9.12.2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.