Coverity SECURE_CODING - CID 10657

Reported by Product Strategy Coverity Bug Uploader on 2012-02-21
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Nux
Status tracked in 4.0
4.0
Medium
Unassigned

Bug Description

This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https://wiki.ubuntu.com/CanonicalProductStrategy/Coverity
CID: 10657
Checker: SECURE_CODING
Category: No category available
CWE definition: http://cwe.mitre.org/data/definitions/676.html
File: /tmp/buildd/nux-2.4.0/NuxCore/TinyXML/tinyxml.cpp
Function: TiXmlAttribute::QueryIntValue(int *) const
Code snippet:
1389
1390
1391 int TiXmlAttribute::QueryIntValue ( int *ival ) const
1392 {
CID 10657 - SECURE_CODING
[VERY RISKY]. Using "sscanf" can cause a buffer overflow when done incorrectly. sscanf() assumes an arbitrarily large string, so callers must use correct precision specifiers or never use sscanf(). Use correct precision specifiers or do your own parsing.
1393 if ( TIXML_SSCANF ( value.c_str(), "%d", ival ) == 1 )
1394 return TIXML_SUCCESS;
1395
1396 return TIXML_WRONG_TYPE;
1397 }
1398

Related branches

lp:~steve-stevebaker/nux/remove-tinyxml
Merged into lp:nux at revision 638
Jay Taoko (community): Needs Fixing on 2012-07-11

Source file with Coverity annotations.

Changed in nux:
importance: Undecided → Medium
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers