desktop-packages team mailing list archive
-
desktop-packages team
-
Mailing list archive
-
Message #79764
[Bug 1101641] Re: Coverity SECURE_CODING - CID 12529
** Changed in: compiz
Status: Fix Committed => Fix Released
** Changed in: compiz/0.9.9
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to compiz in Ubuntu.
https://bugs.launchpad.net/bugs/1101641
Title:
Coverity SECURE_CODING - CID 12529
Status in Compiz:
Fix Released
Status in Compiz 0.9.9 series:
Fix Released
Status in “compiz” package in Ubuntu:
Fix Released
Bug description:
This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https://wiki.ubuntu.com/CanonicalProductStrategy/Coverity
CID: 12529
Checker: SECURE_CODING
Category: No category available
CWE definition: http://cwe.mitre.org/data/definitions/676.html
File: /tmp/buildd/compiz-0.9.9~daily13.01.14/src/screen.cpp
Function: PrivateScreen::initDisplay(const char *, compiz::private_screen::History &, unsigned int)
Code snippet:
4877
4878 /* Check for other window managers */
4879
4880 char buf[128];
CID 12529 - SECURE_CODING
[VERY RISKY]. Using "sprintf" can cause a buffer overflow when done incorrectly. Because sprintf() assumes an arbitrarily long string, callers must be careful not to overflow the actual space of the destination. Use snprintf() instead, or correct precision specifiers.
4881 sprintf (buf, "WM_S%d", DefaultScreen (dpy));
4882 wmSnAtom = XInternAtom (dpy, buf, 0);
4883
4884 Window currentWmSnOwner = XGetSelectionOwner (dpy, wmSnAtom);
4885
4886 if (currentWmSnOwner != None)
To manage notifications about this bug go to:
https://bugs.launchpad.net/compiz/+bug/1101641/+subscriptions
