desktop-packages team mailing list archive

Thread
Date

[Bug 1101499] Re: Coverity SECURE_CODING - CID 12516

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: "Stephen M. Webb" <stephen.webb@xxxxxxxxxxxxx>
Date: Mon, 03 Nov 2014 17:35:26 -0000
Reply-to: Bug 1101499 <1101499@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: compiz
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to compiz in Ubuntu.
https://bugs.launchpad.net/bugs/1101499

Title:
  Coverity SECURE_CODING - CID 12516

Status in Compiz:
  Fix Released
Status in Compiz 0.9.9 series:
  Fix Released
Status in “compiz” package in Ubuntu:
  Fix Released

Bug description:
  This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https://wiki.ubuntu.com/CanonicalProductStrategy/Coverity
  CID: 12516
  Checker: SECURE_CODING
  Category: No category available
  CWE definition: http://cwe.mitre.org/data/definitions/676.html
  File: /tmp/buildd/compiz-0.9.9~daily13.01.14/plugins/screenshot/src/screenshot.cpp
  Function: ShotScreen::paint(std::list<CompOutput *, std::allocator<CompOutput *>> &, unsigned int)
  Code snippet:
  208 
  209 			if (n)
  210 			    free (namelist);
  211 
  CID 12516 - SECURE_CODING
  [VERY RISKY]. Using "sprintf" can cause a buffer overflow when done incorrectly.  Because sprintf() assumes an arbitrarily long string, callers must be careful not to overflow the actual space of the destination. Use snprintf() instead, or correct precision specifiers.
  212 			sprintf (name, "screenshot%d.png", number);
  213 
  214 			CompString app (optionGetLaunchApp ());
  215 			CompString path (dir + "/" + name);
  216 			CompSize imageSize (w, h);
  217

To manage notifications about this bug go to:
https://bugs.launchpad.net/compiz/+bug/1101499/+subscriptions