
desktop-packages team mailing list archive

[Bug 1101605] Re: Coverity SECURE_CODING - CID 12511

 

** Changed in: compiz
       Status: Fix Committed => Fix Released

** Changed in: compiz/0.9.9
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to compiz in Ubuntu.
https://bugs.launchpad.net/bugs/1101605

Title:
  Coverity SECURE_CODING - CID 12511

Status in Compiz:
  Fix Released
Status in Compiz 0.9.9 series:
  Fix Released
Status in “compiz” package in Ubuntu:
  Fix Released

Bug description:
  This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https://wiki.ubuntu.com/CanonicalProductStrategy/Coverity
  CID: 12511
  Checker: SECURE_CODING
  Category: No category available
  CWE definition: http://cwe.mitre.org/data/definitions/676.html
  File: /tmp/buildd/compiz-0.9.9~daily13.01.14/plugins/composite/src/screen.cpp
  Function: PrivateCompositeScreen::init()
  Code snippet:
  339     XSetWindowAttributes attr;
  340     Window               currentCmSnOwner;
  341     char                 buf[128];
  342 
  CID 12511 - SECURE_CODING
  [VERY RISKY]. Using "sprintf" can cause a buffer overflow when done incorrectly.  Because sprintf() assumes an arbitrarily long string, callers must be careful not to overflow the actual space of the destination. Use snprintf() instead, or correct precision specifiers.
  343     sprintf (buf, "_NET_WM_CM_S%d", screen->screenNum ());
  344     cmSnAtom = XInternAtom (dpy, buf, 0);
  345 
  346     currentCmSnOwner = XGetSelectionOwner (dpy, cmSnAtom);
  347 
  348     if (currentCmSnOwner != None)
