Compiz

Coverity SECURE_CODING - CID 12528 - src/plugin.cpp - in function: CompPlugin::load(const char *) - [VERY RISKY]. Using "sprintf" can cause a buffer overflow when done incorrectly. Because sprintf() assumes an arbitrarily long string, callers must be careful not to overflow the actual space of the destination. Use snprintf() instead, or correct precision specifiers.

Bug #1101568 reported by Product Strategy Coverity Bug Uploader on 2013-01-18

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Compiz	Triaged	Medium	Unassigned	Compiz 0.9.12.2
	0.9.9	Won't Fix	Medium	Unassigned

Bug Description

This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https://wiki.ubuntu.com/CanonicalProductStrategy/Coverity
CID: 12528
Checker: SECURE_CODING
Category: No category available
CWE definition: http://cwe.mitre.org/data/definitions/676.html
File: /tmp/buildd/compiz-0.9.9~daily13.01.14/src/plugin.cpp
Function: CompPlugin::load(const char *)
Code snippet:
466
467 if (char* home = getenv ("HOME"))
468 {
469 boost::scoped_array<char> plugindir(new char [strlen (home) + strlen (HOME_PLUGINDIR) + 3]);
CID 12528 - SECURE_CODING
[VERY RISKY]. Using "sprintf" can cause a buffer overflow when done incorrectly. Because sprintf() assumes an arbitrarily long string, callers must be careful not to overflow the actual space of the destination. Use snprintf() instead, or correct precision specifiers.
470 sprintf (plugindir.get(), "%s/%s", home, HOME_PLUGINDIR);
471
472 if (loaderLoadPlugin (p.get(), plugindir.get(), name))
473 return p.release();
474 }
475

Tags:

Revision history for this message

Product Strategy Coverity Bug Uploader (coverity-uploader) wrote on 2013-01-18: compiz-0.9.9: /tmp/buildd/compiz-0.9.9~daily13.01.14/src/plugin.cpp

compiz-0.9.9: /tmp/buildd/compiz-0.9.9~daily13.01.14/src/plugin.cpp Edit (88.2 KiB, text/html)

Source file with Coverity annotations.

Changed in compiz:
importance:	Undecided → Medium

MC Return (mc-return) on 2013-07-06

summary:	- Coverity SECURE_CODING - CID 12528 + Coverity SECURE_CODING - CID 12528 - src/plugin.cpp - in function: + CompPlugin::load(const char *) - [VERY RISKY]. Using "sprintf" can cause + a buffer overflow when done incorrectly. Because sprintf() assumes an + arbitrarily long string, callers must be careful not to overflow the + actual space of the destination. Use snprintf() instead, or correct + precision specifiers.
Changed in compiz:
milestone:	none → 0.9.10.0

Sam Spilsbury (smspillaz) on 2013-07-22

Changed in compiz:
milestone:	0.9.10.0 → 0.9.10.2

MC Return (mc-return) on 2013-07-24

Changed in compiz:
milestone:	0.9.10.2 → 0.9.11.0

Stephen M. Webb (bregma) on 2014-11-26

Changed in compiz:
status:	New → Triaged
milestone:	0.9.11.0 → 0.9.12.1

Stephen M. Webb (bregma) on 2015-02-03

Changed in compiz:
milestone:	0.9.12.1 → 0.9.12.2

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

compiz-0.9.9: /tmp/buildd/compiz-0.9.9~daily13.01.14/src/plugin.cpp Edit

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.