dx-packages team mailing list archive
-
dx-packages team
-
Mailing list archive
-
Message #34759
[Bug 937573] Re: Coverity SECURE_CODING - CID 10658
** Changed in: nux (Ubuntu)
Status: New => Fix Released
** Changed in: nux (Ubuntu)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of DX
Packages, which is subscribed to nux in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/937573
Title:
Coverity SECURE_CODING - CID 10658
Status in Nux:
Fix Released
Status in Nux 4.0 series:
Fix Released
Status in nux package in Ubuntu:
Fix Released
Bug description:
This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https://wiki.ubuntu.com/CanonicalProductStrategy/Coverity
CID: 10658
Checker: SECURE_CODING
Category: No category available
CWE definition: http://cwe.mitre.org/data/definitions/676.html
File: /tmp/buildd/nux-2.4.0/NuxCore/TinyXML/tinyxml.cpp
Function: TiXmlAttribute::QueryDoubleValue(double *) const
Code snippet:
1397 }
1398
1399 int TiXmlAttribute::QueryDoubleValue ( double *dval ) const
1400 {
CID 10658 - SECURE_CODING
[VERY RISKY]. Using "sscanf" can cause a buffer overflow when done incorrectly. sscanf() assumes an arbitrarily large string, so callers must use correct precision specifiers or never use sscanf(). Use correct precision specifiers or do your own parsing.
1401 if ( TIXML_SSCANF ( value.c_str(), "%lf", dval ) == 1 )
1402 return TIXML_SUCCESS;
1403
1404 return TIXML_WRONG_TYPE;
1405 }
1406
To manage notifications about this bug go to:
https://bugs.launchpad.net/nux/+bug/937573/+subscriptions