dx-packages team mailing list archive
-
dx-packages team
-
Mailing list archive
-
Message #19340
[Bug 937564] Re: Coverity SECURE_CODING - CID 10659
** Changed in: unity (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of DX
Packages, which is subscribed to nux in Ubuntu.
Matching subscriptions: dx-packages, dx-packages
https://bugs.launchpad.net/bugs/937564
Title:
Coverity SECURE_CODING - CID 10659
Status in Nux:
Fix Released
Status in Nux 2.0 series:
Fix Committed
Status in Nux 4.0 series:
Fix Released
Status in Unity:
Fix Released
Status in “nux” package in Ubuntu:
Fix Released
Status in “unity” package in Ubuntu:
Fix Released
Status in “unity” source package in Precise:
New
Bug description:
This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https://wiki.ubuntu.com/CanonicalProductStrategy/Coverity
CID: 10659
Checker: SECURE_CODING
Category: No category available
CWE definition: http://cwe.mitre.org/data/definitions/676.html
File: /tmp/buildd/nux-2.4.0/tools/unity_support_test.c
Function: main()
Code snippet:
844 free (results.error);
845
846 // drop result file
847 if (results.result != 5) {
CID 10659 - SECURE_CODING
[VERY RISKY]. Using "sprintf" can cause a buffer overflow when done incorrectly. Because sprintf() assumes an arbitrarily long string, callers must be careful not to overflow the actual space of the destination. Use snprintf() instead, or correct precision specifiers.
848 sprintf(resultfilename, "/tmp/unity_support_test.%i", results.result);
849 resultfile = open(resultfilename, O_CREAT|O_WRONLY|O_EXCL, 0666);
850 if (resultfile > 0)
851 close(resultfile);
852 }
853
To manage notifications about this bug go to:
https://bugs.launchpad.net/nux/+bug/937564/+subscriptions