dx-packages team mailing list archive
-
dx-packages team
-
Mailing list archive
-
Message #34657
[Bug 937579] Re: Coverity SECURE_CODING - CID 10657
** Changed in: nux (Ubuntu)
Status: New => Fix Released
** Changed in: nux (Ubuntu)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of DX
Packages, which is subscribed to nux in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/937579
Title:
Coverity SECURE_CODING - CID 10657
Status in Nux:
Fix Released
Status in Nux 4.0 series:
Fix Released
Status in nux package in Ubuntu:
Fix Released
Bug description:
This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https://wiki.ubuntu.com/CanonicalProductStrategy/Coverity
CID: 10657
Checker: SECURE_CODING
Category: No category available
CWE definition: http://cwe.mitre.org/data/definitions/676.html
File: /tmp/buildd/nux-2.4.0/NuxCore/TinyXML/tinyxml.cpp
Function: TiXmlAttribute::QueryIntValue(int *) const
Code snippet:
1389
1390
1391 int TiXmlAttribute::QueryIntValue ( int *ival ) const
1392 {
CID 10657 - SECURE_CODING
[VERY RISKY]. Using "sscanf" can cause a buffer overflow when done incorrectly. sscanf() assumes an arbitrarily large string, so callers must use correct precision specifiers or never use sscanf(). Use correct precision specifiers or do your own parsing.
1393 if ( TIXML_SSCANF ( value.c_str(), "%d", ival ) == 1 )
1394 return TIXML_SUCCESS;
1395
1396 return TIXML_WRONG_TYPE;
1397 }
1398
To manage notifications about this bug go to:
https://bugs.launchpad.net/nux/+bug/937579/+subscriptions