Bug #1101608 “Coverity TOCTOU - CID 12544 - compizconfig/libcomp...” : Bugs : Compiz

Coverity TOCTOU - CID 12544 - compizconfig/libcompizconfig/src/compiz.cpp - in function: loadOptionsStringExtensionsFromXML(_CCSPlugin *, void *, stat *) - Calling function "stat(char const *, stat *)" to perform check on "pPrivate->xmlFile" in line 3174, 3 lines later calling function "fopen(char const *, char const *)" that uses "pPrivate->xmlFile" after a check function. This can cause a time-of-check, time-of-use race condition.

Bug #1101608 reported by Product Strategy Coverity Bug Uploader
This bug affects 1 person
Affects                Status         Importance   Assigned to        Milestone
Compiz                 Fix Released   Low          Stephen M. Webb
Compiz 0.9.9 (series)  Won't Fix      Low          Unassigned
compiz (Ubuntu)        Fix Released   Undecided    Unassigned

Bug Description

This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https://wiki.ubuntu.com/CanonicalProductStrategy/Coverity
CID: 12544
Checker: TOCTOU
Category: No category available
CWE definition: http://cwe.mitre.org/data/definitions/367.html
File: /tmp/buildd/compiz-0.9.9~daily13.01.14/compizconfig/libcompizconfig/src/compiz.cpp
Function: loadOptionsStringExtensionsFromXML(_CCSPlugin *, void *, stat *)
Code snippet (line numbers are those of the scanned file and are referenced by the checker message):

    3170 xmlDoc *doc = NULL;
    3171 xmlNode **nodes;
    3172 int num;
    3173
         [CID 12544 - TOCTOU] Calling function "stat(char const *, stat *)" to perform check on "pPrivate->xmlFile".
    3174 if (stat (pPrivate->xmlFile, xmlStat))
    3175     return;
    3176
         [CID 12544 - TOCTOU] Calling function "fopen(char const *, char const *)" that uses "pPrivate->xmlFile" after a check function. This can cause a time-of-check, time-of-use race condition.
    3177 FILE *fp = fopen (pPrivate->xmlFile, "r");
    3178 if (!fp)
    3179     return;

Product Strategy Coverity Bug Uploader (coverity-uploader) wrote : compiz-0.9.9: /tmp/buildd/compiz-0.9.9~daily13.01.14/compizconfig/libcompizconfig/src/compiz.cpp

Source file with Coverity annotations.

Changed in compiz:
importance: Undecided → Low
MC Return (mc-return)
summary: - Coverity TOCTOU - CID 12544
+ Coverity TOCTOU - CID 12544 -
+ compizconfig/libcompizconfig/src/compiz.cpp - in function:
+ loadOptionsStringExtensionsFromXML(_CCSPlugin *, void *, stat *) -
+ Calling function "stat(char const *, stat *)" to perform check on
+ "pPrivate->xmlFile" in line 3174, 3 lines later calling function
+ "fopen(char const *, char const *)" that uses "pPrivate->xmlFile" after
+ a check function. This can cause a time-of-check, time-of-use race
+ condition.
Changed in compiz:
milestone: none → 0.9.10.0
Changed in compiz:
milestone: 0.9.10.0 → 0.9.10.2
MC Return (mc-return)
Changed in compiz:
milestone: 0.9.10.2 → 0.9.11.0
Stephen M. Webb (bregma)
Changed in compiz:
milestone: 0.9.11.0 → 0.9.12.1
status: New → Triaged
Stephen M. Webb (bregma)
Changed in compiz:
assignee: nobody → Stephen M. Webb (bregma)
status: Triaged → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package compiz - 1:0.9.12.0+15.04.20141210.2-0ubuntu1

---------------
compiz (1:0.9.12.0+15.04.20141210.2-0ubuntu1) vivid; urgency=medium

  [ James Jones ]
  * Added support for GL_EXT_x11_sync_object OpenGL extension for Nvidia
    based GPUs to avoid screen refresh issues. (LP: #269904)

  [ Kyle Brenneman ]
  * Added support for GL_EXT_x11_sync_object OpenGL extension for Nvidia
    based GPUs to avoid screen refresh issues. (LP: #269904)

  [ Viktor A. Danilov ]
  * Added support for GL_EXT_x11_sync_object OpenGL extension for Nvidia
    based GPUs to avoid screen refresh issues. (LP: #269904)

  [ Chris Townsend ]
  * Added support for GL_EXT_x11_sync_object OpenGL extension for Nvidia
    based GPUs to avoid screen refresh issues. (LP: #269904)

  [ Stephen M. Webb ]
  * Added support for GL_EXT_x11_sync_object OpenGL extension for Nvidia
    based GPUs to avoid screen refresh issues. (LP: #269904)
  * libdecoration/CMakeLists.txt: use correct variable for link
    directories (LP: #1392715)
  * Switcher Plugin: renamed a local variable so it does not hide a
    function parameter. (LP: #1101585)
  * added support for multi-arch installations (LP: #1395105, #959282)
  * libcompizconfig: reorder stat() and open() calls to eliminate a race
    condition (LP: #1101608)
  * dodge plugin: avoid potential null pointer dereferences (LP:
    #1101554)
  * PrivateScreen unit tests: added additional assertions to verify the
    tests are run in an expected state (LP: #1101413)

  [ Ubuntu daily release ]
  * New rebuild forced

  [ Brandon Schaefer ]
  * Rev 3891 change caused 2 known regressions. (Could be more).
    Reverting. (LP: #1398512, #1393020)
 -- Ubuntu daily release <email address hidden> Wed, 10 Dec 2014 19:52:06 +0000

Changed in compiz (Ubuntu):
status: New → Fix Released
Stephen M. Webb (bregma)
Changed in compiz:
status: In Progress → Fix Committed
Stephen M. Webb (bregma)
Changed in compiz:
status: Fix Committed → Fix Released