Coverity SECURE_CODING - CID 10715

Bug #944220 reported by Product Strategy Coverity Bug Uploader
Affects             Status         Importance   Assigned to     Milestone
Indicator Applet    Fix Released   Low          Charles Kerr
  0.4 (series)      Fix Released   Low          Charles Kerr

Bug Description

This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https://wiki.ubuntu.com/CanonicalProductStrategy/Coverity
CID: 10715
Checker: SECURE_CODING
Category: No category available
CWE definition: http://cwe.mitre.org/data/definitions/676.html
File: /tmp/buildd/indicator-applet-0.4.91/src/eggaccelerators.c
Function: egg_virtual_accelerator_name()
Code snippet:
399 l = 0;
400 accelerator[l] = 0;
401 if (accelerator_mods & EGG_VIRTUAL_RELEASE_MASK)
402 {
CID 10715 - SECURE_CODING
[VERY RISKY]. Using "strcpy" can cause a buffer overflow when done incorrectly. If the destination string of a strcpy() is not large enough then anything might happen. Use strncpy() instead.
403 strcpy (accelerator + l, text_release);
404 l += sizeof (text_release) - 1;
405 }
406 if (accelerator_mods & EGG_VIRTUAL_SHIFT_MASK)
407 {
CID 10715 - SECURE_CODING
[VERY RISKY]. Using "strcpy" can cause a buffer overflow when done incorrectly. If the destination string of a strcpy() is not large enough then anything might happen. Use strncpy() instead.
408 strcpy (accelerator + l, text_shift);
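The pattern Coverity flags above is a two-pass string build: a first pass sums the lengths of the pieces that will be emitted, the buffer is allocated to that size, and a second pass strcpy()s the pieces in at offset l. That is only safe while the two passes agree term for term. The following is an added example, not indicator-applet's code and not the fix the project applied (which was to delete the unused function): it keeps the same structure but replaces the raw strcpy() with a bounded append, so a disagreement between the sizing pass and the copy pass is reported as a failure instead of written past the end of the buffer. The EX_*_MASK flags, text_* strings and function names are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Example modifier flags and their spellings, modelled on the
 * EGG_VIRTUAL_*_MASK / text_* pattern in the snippet above. These names
 * are assumptions for this example, not indicator-applet's own. */
enum {
    EX_RELEASE_MASK = 1u << 0,
    EX_SHIFT_MASK   = 1u << 1,
    EX_CONTROL_MASK = 1u << 2
};

static const char text_release[] = "<Release>";
static const char text_shift[]   = "<Shift>";
static const char text_control[] = "<Control>";

/* Bounded append: copy src (including its NUL) into dst at offset *pos only
 * if it fits within cap bytes. Returns 0 on success, -1 if it would overflow;
 * dst stays NUL-terminated either way. This stands in for the raw
 * strcpy(accelerator + l, ...) calls that Coverity flagged. */
static int append_bounded(char *dst, size_t cap, size_t *pos, const char *src)
{
    size_t n = strlen(src);
    if (*pos >= cap || n >= cap - *pos)   /* need n bytes plus the NUL */
        return -1;
    memcpy(dst + *pos, src, n + 1);
    *pos += n;
    return 0;
}

/* Fill a caller-supplied buffer of cap bytes. Returns 0 if every piece fit,
 * -1 at the first piece that does not (later pieces are not attempted). */
int accel_name_into(char *dst, size_t cap, unsigned mods, const char *keyname)
{
    size_t pos = 0;
    if (cap == 0)
        return -1;
    dst[0] = '\0';
    if ((mods & EX_RELEASE_MASK) && append_bounded(dst, cap, &pos, text_release) != 0)
        return -1;
    if ((mods & EX_SHIFT_MASK) && append_bounded(dst, cap, &pos, text_shift) != 0)
        return -1;
    if ((mods & EX_CONTROL_MASK) && append_bounded(dst, cap, &pos, text_control) != 0)
        return -1;
    return append_bounded(dst, cap, &pos, keyname);
}

/* Two-pass build like egg_virtual_accelerator_name(): size first, allocate
 * exactly, then fill. Because the fill is bounded, a sizing mistake (a term
 * missing from the first pass) yields NULL instead of a heap overflow.
 * The caller frees the result. */
char *accel_name(unsigned mods, const char *keyname)
{
    size_t len = 0;
    if (mods & EX_RELEASE_MASK) len += sizeof(text_release) - 1;
    if (mods & EX_SHIFT_MASK)   len += sizeof(text_shift) - 1;
    if (mods & EX_CONTROL_MASK) len += sizeof(text_control) - 1;
    len += strlen(keyname);

    char *out = malloc(len + 1);
    if (out == NULL)
        return NULL;
    if (accel_name_into(out, len + 1, mods, keyname) != 0) {
        free(out);
        return NULL;
    }
    return out;
}

/* Helpers for checking results: build, compare, free. */
int accel_name_equals(unsigned mods, const char *keyname, const char *expect)
{
    char *s = accel_name(mods, keyname);
    int ok = (s != NULL) && strcmp(s, expect) == 0;
    free(s);
    return ok;
}

/* Returns 1 if the name fits in a buffer of cap bytes (cap <= 64). */
int accel_fits(size_t cap, unsigned mods, const char *keyname)
{
    char buf[64];
    if (cap > sizeof buf)
        return 0;
    return accel_name_into(buf, cap, mods, keyname) == 0;
}

int main(void)
{
    char *s = accel_name(EX_SHIFT_MASK | EX_CONTROL_MASK, "a");
    printf("%s\n", s ? s : "(null)");
    free(s);
    /* "<Shift>a" needs 9 bytes; an 8-byte buffer is refused, not overrun. */
    printf("fits in 8 bytes: %s\n", accel_fits(8, EX_SHIFT_MASK, "a") ? "yes" : "no");
    return 0;
}
```

Two points worth noting when triaging a report like this one. First, Ted's assessment is the right question to ask: the severity of a strcpy() into a buffer hinges entirely on whether the allocation was sized from the same terms the copies use, and that is what a reviewer should verify. Second, the checker's suggested replacement, strncpy(), is a weak fix on its own: it does not NUL-terminate when the source fills the destination and it zero-pads the remainder, so a length-checked append (or snprintf() with its return value checked) is the safer replacement.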

Product Strategy Coverity Bug Uploader (coverity-uploader) wrote : indicator-applet-0.4: /tmp/buildd/indicator-applet-0.4.91/src/eggaccelerators.c

Source file with Coverity annotations.

Changed in indicator-applet:
importance: Undecided → Medium
Ted Gould (ted) wrote :

Marking as low since the code actually allocates the data in the function and then uses it. Should be pretty safe.

Changed in indicator-applet:
status: New → Confirmed
importance: Medium → Low
Charles Kerr (charlesk) wrote :

I agree with Ted's assessment that it's a low priority.

Also, indicator-applet doesn't seem to have any test hooks, so confirming a patch would be a little work.

Happily, since the function generating these warnings is completely unused, we can silence the warnings and avoid the need for testing by just removing the function. :)

Changed in indicator-applet:
status: Confirmed → In Progress
assignee: nobody → charles (charlesk)
Charles Kerr (charlesk) wrote :
Changed in indicator-applet:
status: In Progress → Fix Committed
Ted Gould (ted)
Changed in indicator-applet:
status: Fix Committed → Fix Released
milestone: none → 0.4.92