Nux

Coverity SECURE_CODING - CID 10659

Bug #937564 reported by Product Strategy Coverity Bug Uploader
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Nux
Status tracked in 4.0
2.0
Fix Committed
Undecided
Unassigned
Nux 2.14
4.0
Fix Released
Medium
Unassigned
Unity
Fix Released
Undecided
Unassigned
Unity 6.0
nux (Ubuntu)
Fix Released
Undecided
Unassigned
unity (Ubuntu)
Fix Released
Undecided
Unassigned
Precise
Fix Released
Undecided
Unassigned

Bug Description

This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https://wiki.ubuntu.com/CanonicalProductStrategy/Coverity
CID: 10659
Checker: SECURE_CODING
Category: No category available
CWE definition: http://cwe.mitre.org/data/definitions/676.html
File: /tmp/buildd/nux-2.4.0/tools/unity_support_test.c
Function: main()
Code snippet:
844 free (results.error);
845
846 // drop result file
847 if (results.result != 5) {
CID 10659 - SECURE_CODING
[VERY RISKY]. Using "sprintf" can cause a buffer overflow when done incorrectly. Because sprintf() assumes an arbitrarily long string, callers must be careful not to overflow the actual space of the destination. Use snprintf() instead, or correct precision specifiers.
848 sprintf(resultfilename, "/tmp/unity_support_test.%i", results.result);
849 resultfile = open(resultfilename, O_CREAT|O_WRONLY|O_EXCL, 0666);
850 if (resultfile > 0)
851 close(resultfile);
852 }
853

Related branches

lp://staging/~steve-stevebaker/nux/coverity-fixes
Tim Penhey (community): Approve
Steve Baker (community): Needs Resubmitting
Jay Taoko: Pending requested
Diff: 99 lines (+11/-11)
4 files modified
Nux/AnimatedTextureArea.cpp (+2/-2)
NuxGraphics/FontTexture.cpp (+7/-7)
NuxGraphics/GLTextureResourceManager.cpp (+1/-1)
tools/unity_support_test.c (+1/-1)
lp://staging/~sil2100/nux/ubuntu_quantal (Merged)
lp://staging/~sil2100/nux/precise_sru-1
Revision history for this message
Product Strategy Coverity Bug Uploader (coverity-uploader) wrote : nux-trunk: /tmp/buildd/nux-2.4.0/tools/unity_support_test.c

Source file with Coverity annotations.

Changed in nux:
importance: Undecided → Medium
Łukasz Zemczak (sil2100)
Changed in unity:
status: New → Fix Committed
milestone: none → 6.0
Didier Roche-Tolomelli (didrocks)
Changed in nux:
status: Fix Committed → Fix Released
Changed in unity:
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nux - 3.0.0-0ubuntu1

---------------
nux (3.0.0-0ubuntu1) quantal-proposed; urgency=low

  [ Łukasz 'sil2100' Zemczak ]
  * New upstream release.
    - Conditional jump or move depends on uninitialised value(s)
      nux::GraphicsDisplay::ProcessXEvent(_XEvent, bool) (LP: #983321)
    - Coverity PW.PARAMETER_HIDDEN - CID 10653 (LP: #937588)
    - Coverity SECURE_CODING - CID 10659 (LP: #937564)
    - Coverity PW.PARAMETER_HIDDEN - CID 10651 (LP: #937576)
    - Coverity PW.PARAMETER_HIDDEN - CID 10652 (LP: #937586)
    - QueueDraw is very expensive (LP: #994884)
    - Unity is slow and pausing occasionally (when its DrawList size spikes,
      to almost 6000!) (LP: #1014610)
    - IBus hotkey using Release modifier doesn't work in unity (LP: #1016665)
    - Nothing should be written into the dash/hud searchbar when holding super,
      ctrl or Alt (LP: #1013751)
    - IBus can't be activated on dash or HUD since r2428 (LP: #1016354)
  * debian/control, debian/libnux-3.0-0.install,
    debian/libnux-3.0-common.install, debian/libnux-3.0-dev.install:
    - switch to nux-3.0
 -- Didier Roche <email address hidden> Tue, 10 Jul 2012 08:53:00 +0200

Changed in nux (Ubuntu):
status: New → Fix Released
Sebastien Bacher (seb128)
no longer affects: nux (Ubuntu Precise)
Marco Trevisan (Treviño) (3v1n0)
Changed in unity (Ubuntu):
status: New → Fix Released
Jaime Pérez (jaime-91)
Changed in unity (Ubuntu Precise):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.