Compiz Core

Coverity SECURE_CODING - CID 10019

Bug #957582 reported by Product Strategy Coverity Bug Uploader on 2012-03-17

This bug affects 1 person

	Status	Importance	Assigned to
Compiz	Fix Released	Medium	MC Return
Compiz Core	Won't Fix	Medium	Unassigned
0.9.5	Won't Fix	Undecided	Unassigned
compiz (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https://wiki.ubuntu.com/CanonicalProductStrategy/Coverity
CID: 10019
Checker: SECURE_CODING
Category: No category available
CWE definition: http://cwe.mitre.org/data/definitions/676.html
File: /tmp/buildd/compiz-0.9.7.0~bzr3025/libdecoration/decoration.c
Function: decor_acquire_dm_session()
Code snippet:
2897 dm_name_atom = XInternAtom (xdisplay, "_COMPIZ_DM_NAME", 0);
2898
2899 utf8_string_atom = XInternAtom (xdisplay, "UTF8_STRING", 0);
2900
CID 10019 - SECURE_CODING
[VERY RISKY]. Using "sprintf" can cause a buffer overflow when done incorrectly. Because sprintf() assumes an arbitrarily long string, callers must be careful not to overflow the actual space of the destination. Use snprintf() instead, or correct precision specifiers.
2901 sprintf (buf, "_COMPIZ_DM_S%d", screen);
2902 dm_sn_atom = XInternAtom (xdisplay, buf, 0);
2903
2904 current_dm_sn_owner = XGetSelectionOwner (xdisplay, dm_sn_atom);
2905
2906 if (current_dm_sn_owner != None)

Tags:

Related branches

lp:~mc-return/compiz/compiz.merge-fix957582-use-snprintf-instead-of-sprintf

Merged into lp:compiz/0.9.9 at revision 3585

Stephen M. Webb: Approve on 2013-01-28

Sam Spilsbury: Approve on 2013-01-27

PS Jenkins bot: Pending (continuous-integration) requested 2013-01-28

lp:ubuntu/raring/compiz

Revision history for this message

Product Strategy Coverity Bug Uploader (coverity-uploader) wrote on 2012-03-17: compiz-core-0.9.5: /tmp/buildd/compiz-0.9.7.0~bzr3025/libdecoration/decoration.c

compiz-core-0.9.5: /tmp/buildd/compiz-0.9.7.0~bzr3025/libdecoration/decoration.c Edit (502.2 KiB, text/html)

Source file with Coverity annotations.

Changed in compiz-core:
importance:	Undecided → Medium

Sam Spilsbury (smspillaz) on 2012-05-18

Changed in compiz:
importance:	Undecided → Medium

MC Return (mc-return) on 2013-01-26

Changed in compiz:
assignee:	nobody → MC Return (mc-return)

MC Return (mc-return) on 2013-01-28

Changed in compiz:
status:	New → In Progress

PS Jenkins bot (ps-jenkins) on 2013-01-28

Changed in compiz:
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2013-02-04:

This bug was fixed in the package compiz - 1:0.9.9~daily13.02.04-0ubuntu1

---------------
compiz (1:0.9.9~daily13.02.04-0ubuntu1) raring; urgency=low

  [ Marco Trevisan (Treviño) ]
  * Spread - Window glow is incorrectly painted in the screen when
    switching spreaded application (LP: #1109805)

  [ MC Return ]
  * Coverity MISSING_BREAK - CID 12463 (LP: #1101561)
  * Thumbnail plugin: Window title text is rendered into transparency
    and glow/background are too large (LP: #1099100)
  * Showmouse plugin code: Needs cleanup (LP: #1105969)
  * Coverity SECURE_CODING - CID 10019 (LP: #957582)
  * Coverity SECURE_CODING - CID 12511 (LP: #1101605)
  * Coverity SECURE_CODING - CID 12512 (LP: #1101571)
  * Keyboard shortcut overlay says Ctrl+Super+Down "minimises" the
    current window, but it doesn't (LP: #966099)
  * Coverity SECURE_CODING - CID 10020 (LP: #957587)
  * Coverity SECURE_CODING - CID 12529 (LP: #1101641)
  * Coverity MISSING_BREAK - CID 12464 (LP: #1101549)
  * Coverity SECURE_CODING - CID 12519 (LP: #1101565)
  * Coverity SECURE_CODING - CID 12516 (LP: #1101499)
  * [GLES] Showmouse plugin needs port to OpenGL|ES (LP: #1106270)