Coverity SECURE_CODING - CID 10339
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
BAMF | New | Medium | Unassigned |
Legacy | New | Medium | Unassigned |
Messaging Menu | New | Medium | Unassigned |
12.10 | New | Undecided | Unassigned |
dee | Status tracked in 1.0 | | |
1.0 | New | Medium | Unassigned |
libappindicator | New | Medium | Unassigned |
13.04 | New | Medium | Unassigned |
Bug Description
This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https:/
CID: 10339
Checker: SECURE_CODING
Category: No category available
CWE definition: http://
File: /tmp/buildd/
Function: output_
Code snippet:
```c
/* Output the signal object type and the argument name. We assume the
   type is a pointer - I think that is OK. We remove "Gtk" or "Gnome" and
   convert to lower case for the argument name. */
pos = buffer;
/* CID 10339 - SECURE_CODING
   [VERY RISKY]. Using "sprintf" can cause a buffer overflow when done incorrectly. Because sprintf() assumes an arbitrarily long string, callers must be careful not to overflow the actual space of the destination. Use snprintf() instead, or correct precision specifiers. */
sprintf (pos, "%s ", object_name);
pos += strlen (pos);

/* Try to come up with a sensible variable name for the first arg
 * It chops off 2 known prefixes :/ and makes the name lowercase
 * It should replace lowercase -> uppercase with '_'
```
Source file with Coverity annotations.
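The checker's recommendation is to bound the write. As an added example, not code from the bug report or from the project, the C routine below replaces the `sprintf (pos, ...); pos += strlen (pos);` idiom with a `vsnprintf`-based append that tracks the remaining space in the destination and reports truncation instead of running past it. The function names (`append_fmt`, `output_signal_arg`, `demo`), the buffer sizes and the sample object names are assumptions made for this example.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not the project's code. Bounded replacement for the
 * "sprintf(pos, ...); pos += strlen(pos);" idiom flagged by CID 10339.
 * buf/buf_size describe the whole destination, *pos the current write
 * position inside it. Returns 0 if the formatted text fit, -1 if it was
 * truncated; buf stays NUL-terminated in both cases and *pos never moves
 * past the last byte, so a later append cannot overrun either. */
int append_fmt(char *buf, size_t buf_size, char **pos, const char *fmt, ...)
{
    if (buf_size == 0 || (size_t)(*pos - buf) >= buf_size)
        return -1;
    size_t avail = buf_size - (size_t)(*pos - buf);

    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(*pos, avail, fmt, ap);
    va_end(ap);

    if (n < 0) {
        **pos = '\0';            /* encoding error: leave a terminated string */
        return -1;
    }
    if ((size_t)n >= avail) {
        /* vsnprintf wrote avail-1 characters plus the NUL; park *pos on
         * the NUL and tell the caller the output was cut short. */
        *pos += avail - 1;
        return -1;
    }
    *pos += n;
    return 0;
}

/* Produces the same "<object_name> <arg_name>" text as the flagged
 * snippet, but every write is bounded by the buffer size. Hypothetical
 * name; returns 0 if everything fit, -1 on truncation. */
int output_signal_arg(char *buf, size_t buf_size,
                      const char *object_name, const char *arg_name)
{
    if (buf_size == 0)
        return -1;
    char *pos = buf;
    buf[0] = '\0';
    if (append_fmt(buf, buf_size, &pos, "%s ", object_name) != 0)
        return -1;
    if (append_fmt(buf, buf_size, &pos, "%s", arg_name) != 0)
        return -1;
    return 0;
}

/* Constructed inputs (not from the bug report): one name that fits a
 * 24-byte buffer and one that sprintf() would have written 30 bytes of.
 * Returns 1 if both cases behave as intended. */
int demo(void)
{
    char buf[24];

    /* "GtkWidget widget" is 16 characters plus NUL: fits. */
    if (output_signal_arg(buf, sizeof buf, "GtkWidget", "widget") != 0)
        return 0;
    if (strcmp(buf, "GtkWidget widget") != 0)
        return 0;

    /* 29-character type name plus space: does not fit. The call reports
     * truncation and the buffer is still NUL-terminated at its last byte. */
    if (output_signal_arg(buf, sizeof buf, "GtkScrolledWindowWithLongName", "sw") != -1)
        return 0;
    if (strlen(buf) != sizeof buf - 1)
        return 0;
    return 1;
}

int main(void)
{
    printf("bounded append behaved as expected: %s\n", demo() ? "yes" : "no");
    return demo() ? 0 : 1;
}
```

The return value is what the original pattern lacks: with plain `sprintf` the caller has no way to learn that `object_name` was longer than the space left after `pos`, and the overflow silently corrupts whatever follows `buffer`. Here the caller can grow the buffer or fail the operation, and because the destination is always terminated, the existing `pos += strlen (pos)` bookkeeping stays consistent even on the truncation path.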