Coverity SECURE_CODING - CID 12505 - compizconfig/libcompizconfig/src/compiz.cpp - in function: loadPluginsFromName(_CCSContext *, char *) - [VERY RISKY]. Using "sscanf" can cause a buffer overflow when done incorrectly. sscanf() assumes an arbitrarily large string, so callers must use correct precision specifiers or never use sscanf(). Use correct precision specifiers or do your own parsing.

This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https://wiki.ubuntu.com/CanonicalProductStrategy/Coverity
CID: 12505
Checker: SECURE_CODING
Category: No category available
CWE definition: http://cwe.mitre.org/data/definitions/676.html
File: /tmp/buildd/compiz-0.9.9~daily13.01.14/compizconfig/libcompizconfig/src/compiz.cpp
Function: loadPluginsFromName(_CCSContext *, char *)
Code snippet:
3031
3032 for (int i = 0; i < nFile; i++)
3033 {
3034 char name[1024];
CID 12505 - SECURE_CODING
[VERY RISKY]. Using "sscanf" can cause a buffer overflow when done incorrectly. sscanf() assumes an arbitrarily large string, so callers must use correct precision specifiers or never use sscanf(). Use correct precision specifiers or do your own parsing.
3035 sscanf (nameList[i]->d_name, "lib%s", name);
3036 if (strlen (name) > 3)
3037 name[strlen (name) - 3] = 0;
3038 free (nameList[i]);
3039 addPluginNamed (context, name);
3040 }