Coverity SECURE_CODING - CID 10339

Bug #937400 reported by Product Strategy Coverity Bug Uploader
This bug report is a duplicate of: Bug #937399: Coverity DEADCODE - CID 10034.
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
BAMF | New | Medium | Unassigned |
BAMF Legacy | New | Medium | Unassigned |
Messaging Menu | New | Medium | Unassigned |
Messaging Menu 12.10 | New | Undecided | Unassigned |
dee | Status tracked in 1.0 | | |
dee 1.0 | New | Medium | Unassigned |
libappindicator | New | Medium | Unassigned |
libappindicator 13.04 | New | Medium | Unassigned |

Bug Description

This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https://wiki.ubuntu.com/CanonicalProductStrategy/Coverity
CID: 10339
Checker: SECURE_CODING
Category: No category available
CWE definition: http://cwe.mitre.org/data/definitions/676.html
File: /tmp/buildd/bamf-0.2.106/build/gtk2/doc/reference/libbamf/libbamf-scan.c
Function: output_object_signal()
Code snippet:
    /* Output the signal object type and the argument name. We assume the
       type is a pointer - I think that is OK. We remove "Gtk" or "Gnome" and
       convert to lower case for the argument name. */
    pos = buffer;

CID 10339 - SECURE_CODING
[VERY RISKY]. Using "sprintf" can cause a buffer overflow when done incorrectly. Because sprintf() assumes an arbitrarily long string, callers must be careful not to overflow the actual space of the destination. Use snprintf() instead, or correct precision specifiers.

    sprintf (pos, "%s ", object_name);
    pos += strlen (pos);

    /* Try to come up with a sensible variable name for the first arg
     * It chops off 2 know prefixes :/ and makes the name lowercase
     * It should replace lowercase -> uppercase with '_'

Product Strategy Coverity Bug Uploader (coverity-uploader) wrote : bamf-trunk: /tmp/buildd/bamf-0.2.106/build/gtk2/doc/reference/libbamf/libbamf-scan.c

Source file with Coverity annotations.

Changed in bamf:
importance: Undecided → Medium
Product Strategy Coverity Bug Uploader (coverity-uploader) wrote : dee-1.0: /tmp/buildd/dee-1.0.4/doc/reference/dee-1.0/dee-1.0-scan.c

Source file with Coverity annotations.

Changed in dee:
importance: Undecided → Medium
Product Strategy Coverity Bug Uploader (coverity-uploader) wrote : indicator-messages-12.10: /tmp/buildd/indicator-messages-12.10.6/doc/reference/messaging-menu-scan.c

Source file with Coverity annotations.

Changed in indicator-messages:
importance: Undecided → Medium
Product Strategy Coverity Bug Uploader (coverity-uploader) wrote : libappindicator-13.04: /tmp/buildd/libappindicator-12.10.1/build/gtk2/docs/reference/libappindicator-scan.c

Source file with Coverity annotations.

Changed in libappindicator:
importance: Undecided → Medium