Coverity SECURE_CODING - CID 10689

Bug #943695 reported by Product Strategy Coverity Bug Uploader on 2012-03-01
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Unity
Status tracked in Trunk
Trunk
Triaged
Medium
Unassigned
unity (Ubuntu)
Undecided
Unassigned

Bug Description

This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https://wiki.ubuntu.com/CanonicalProductStrategy/Coverity
CID: 10689
Checker: SECURE_CODING
Category: No category available
CWE definition: http://cwe.mitre.org/data/definitions/676.html
File: /tmp/buildd/unity-5.4.0/services/panel-service.c
Function: panel_service_get_indicator_entry_by_id()
Code snippet:
403 IndicatorObjectEntry *probably_entry;
404 PanelServicePrivate *priv = self->priv;
405
406 /* FIXME: eeek, why do we even do this? */
CID 10689 - SECURE_CODING
[VERY RISKY]. Using "sscanf" can cause a buffer overflow when done incorrectly. sscanf() assumes an arbitrarily large string, so callers must use correct precision specifiers or never use sscanf(). Use correct precision specifiers or do your own parsing.
407 if (sscanf (entry_id, "%p", &probably_entry) == 1)
408 {
409 /* check that there really is such IndicatorObjectEntry */
410 indicator = g_hash_table_lookup (priv->entry2indicator_hash,
411 probably_entry);
412 if (object) *object = indicator;

Source file with Coverity annotations.

Changed in unity:
importance: Undecided → Medium
Tim Penhey (thumper) wrote :

I wonder why we are using sscanf, rather than atoi?

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers