← Back to team overview

touch-packages team mailing list archive

[Bug 937564] Re: Coverity SECURE_CODING - CID 10659

 

** Changed in: unity (Ubuntu Precise)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nux in Ubuntu.
https://bugs.launchpad.net/bugs/937564

Title:
  Coverity SECURE_CODING - CID 10659

Status in Nux:
  Fix Released
Status in Nux 2.0 series:
  Fix Committed
Status in Nux 4.0 series:
  Fix Released
Status in Unity:
  Fix Released
Status in nux package in Ubuntu:
  Fix Released
Status in unity package in Ubuntu:
  Fix Released
Status in unity source package in Precise:
  Fix Released

Bug description:
  This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https://wiki.ubuntu.com/CanonicalProductStrategy/Coverity
  CID: 10659
  Checker: SECURE_CODING
  Category: No category available
  CWE definition: http://cwe.mitre.org/data/definitions/676.html
  File: /tmp/buildd/nux-2.4.0/tools/unity_support_test.c
  Function: main()
  Code snippet:
  844     free (results.error);
  845 
  846   // drop result file
  847   if (results.result != 5) {
  CID 10659 - SECURE_CODING
  [VERY RISKY]. Using "sprintf" can cause a buffer overflow when done incorrectly.  Because sprintf() assumes an arbitrarily long string, callers must be careful not to overflow the actual space of the destination. Use snprintf() instead, or correct precision specifiers.
  848     sprintf(resultfilename, "/tmp/unity_support_test.%i", results.result);
  849     resultfile = open(resultfilename, O_CREAT|O_WRONLY|O_EXCL, 0666);
  850     if (resultfile > 0)
  851       close(resultfile);
  852   }
  853

To manage notifications about this bug go to:
https://bugs.launchpad.net/nux/+bug/937564/+subscriptions