Coverity SECURE_CODING - CID 10860

Bug #957414 reported by Product Strategy Coverity Bug Uploader
Affects | Status | Importance | Assigned to | Milestone
Application Menu Indicator | Fix Released | Low | Charles Kerr |
0.4 | Fix Released | Low | Charles Kerr |

Bug Description

This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https://wiki.ubuntu.com/CanonicalProductStrategy/Coverity
CID: 10860
Checker: SECURE_CODING
Category: No category available
CWE definition: http://cwe.mitre.org/data/definitions/676.html
File: /tmp/buildd/indicator-appmenu-0.3.94/src/hudstringlist.c
Function: hud_string_list_cons()
Code snippet:
  headlen = strlen (head);

  list = g_malloc (G_STRUCT_OFFSET (HudStringList, head) + headlen + 1);
  list->tail = hud_string_list_ref (tail);
  /* CID 10860 - SECURE_CODING
   * [VERY RISKY]. Using "strcpy" can cause a buffer overflow when done incorrectly. If the destination string of a strcpy() is not large enough then anything might happen. Use strncpy() instead. */
  strcpy (list->head, head);
  list->ref_count = 1;

  return list;
}

Product Strategy Coverity Bug Uploader (coverity-uploader) wrote : indicator-appmenu-0.4: /tmp/buildd/indicator-appmenu-0.3.94/src/hudstringlist.c

Source file with Coverity annotations.

Changed in indicator-appmenu:
importance: Undecided → Medium