compiz team mailing list archive

Thread
Date

[Bug 1101608] Re: Coverity TOCTOU - CID 12544 - compizconfig/libcompizconfig/src/compiz.cpp - in function: loadOptionsStringExtensionsFromXML(_CCSPlugin , void , stat ) - Calling function "stat(char const , stat )" to perform check on "pPrivate->xmlFile" in line 3174, 3 lines later calling function "fopen(char const , char const *)" that uses "pPrivate->xmlFile" after a check function. This can cause a time-of-check, time-of-use race condition.

To: compiz@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1101608@xxxxxxxxxxxxxxxxxx>
Date: Thu, 18 Dec 2014 13:29:52 -0000
Reply-to: Bug 1101608 <1101608@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Branch linked: lp:ubuntu/vivid-proposed/compiz

-- 
You received this bug notification because you are a member of compiz
packagers, which is subscribed to compiz in Ubuntu.
https://bugs.launchpad.net/bugs/1101608

Title:
  Coverity TOCTOU - CID 12544 -
  compizconfig/libcompizconfig/src/compiz.cpp - in function:
  loadOptionsStringExtensionsFromXML(_CCSPlugin *, void *, stat *) -
  Calling function "stat(char const *, stat *)" to perform check on
  "pPrivate->xmlFile" in line 3174, 3 lines later calling function
  "fopen(char const *, char const *)" that uses "pPrivate->xmlFile"
  after a check function. This can cause a time-of-check, time-of-use
  race condition.

To manage notifications about this bug go to:
https://bugs.launchpad.net/compiz/+bug/1101608/+subscriptions