Indicator Date and Time

Merge lp:~charlesk/indicator-datetime/fix-943747 into lp:indicator-datetime/0.4

  1. fix-943747
  2. Merge into trunk.0.4
Proposed by Charles Kerr
Status: Merged
Approved by: Ted Gould
Approved revision: 157
Merge reported by: Charles Kerr
Merged at revision: not available
Proposed branch: lp:~charlesk/indicator-datetime/fix-943747
Merge into: lp:indicator-datetime/0.4
Diff against target: 27 lines (+3/-0)
1 file modified
src/datetime-prefs.c (+3/-0)
To merge this branch: bzr merge lp:~charlesk/indicator-datetime/fix-943747
Reviewer Review Type Date Requested Status
Ted Gould (community) Approve
Review via email: mp+95767@code.launchpad.net

Description of the change

The Coverity warning about sscanf() seems to be that humans need to verify that there won't be a buffer overrun from scanning into a char array. I've done so and added comments to Coverity to silence the warning.

I'm not 100% sure about the use of /* coverity[secure_coding] */ but it appears this is how other projects, such as libinktomi++, do it.

To post a comment you must log in.
Revision history for this message
Ted Gould (ted) wrote :

On Sun, 2012-03-04 at 01:00 +0000, charles wrote:
> I'm not 100% sure about the use of /* coverity[secure_coding] */ but
> it appears this is how other projects, such as libinktomi++, do it.

Me neither, let's try it.

  review approve
  status approved

review: Approve
Revision history for this message
Charles Kerr (charlesk) wrote :

Allan reports that it works :)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'src/datetime-prefs.c'
--- src/datetime-prefs.c 2012-03-02 03:15:35 +0000
+++ src/datetime-prefs.c 2012-03-04 00:59:18 +0000
@@ -405,6 +405,7 @@
405 if (is_locale_12h ()) { // TODO: make this look-at/watch gsettings?405 if (is_locale_12h ()) { // TODO: make this look-at/watch gsettings?
406 char ampm[51];406 char ampm[51];
407407
408 /* coverity[secure_coding] */
408 scanned = sscanf (text, "%u:%u:%u %50s", &hour_in, &minute_in, &second_in, ampm);409 scanned = sscanf (text, "%u:%u:%u %50s", &hour_in, &minute_in, &second_in, ampm);
409 passed = (scanned == 4);410 passed = (scanned == 4);
410411
@@ -415,6 +416,7 @@
415 }416 }
416 }417 }
417 } else {418 } else {
419 /* coverity[secure_coding] */
418 scanned = sscanf (text, "%u:%u:%u", &hour_in, &minute_in, &second_in);420 scanned = sscanf (text, "%u:%u:%u", &hour_in, &minute_in, &second_in);
419 passed = (scanned == 3);421 passed = (scanned == 3);
420 }422 }
@@ -433,6 +435,7 @@
433 else {435 else {
434 gint year_in, month_in, day_in;436 gint year_in, month_in, day_in;
435437
438 /* coverity[secure_coding] */
436 scanned = sscanf (text, "%u-%u-%u", &year_in, &month_in, &day_in);439 scanned = sscanf (text, "%u-%u-%u", &year_in, &month_in, &day_in);
437440
438 if (scanned != 3 || year_in < 1 || year_in > 9999 ||441 if (scanned != 3 || year_in < 1 || year_in > 9999 ||

Subscribers

People subscribed via source and target branches