Coverity SECURE_TEMP - CID 10450

Bug #1100551 reported by Product Strategy Coverity Bug Uploader
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| BAMF | Fix Released | Low | Marco Trevisan (Treviño) | |
| bamf (Ubuntu) | Fix Released | Undecided | Marco Trevisan (Treviño) | |
| Raring | Fix Released | Undecided | Unassigned | |

Bug Description

[Impact]

Coverity report bug.

[Test Case]

None, no regressions allowed.

[Regression Potential]

No regression potential.
This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https://wiki.ubuntu.com/CanonicalProductStrategy/Coverity
CID: 10450
Checker: SECURE_TEMP
Category: No category available
CWE definition: http://cwe.mitre.org/data/definitions/377.html
File: /tmp/buildd/bamf-0.4.0daily13.01.11/src/bamf-legacy-window.c
Function: bamf_legacy_window_save_mini_icon
Code snippet:

    if (wnck_window_get_icon_is_fallback (window))
      return NULL;

    /* CID 10450 - SECURE_TEMP: "tmpnam(char *)" creates files with
       predictable names, which is unsafe. */
    tmp = tmpnam (NULL);
    if (!tmp)
      return NULL;

    pbuf = wnck_window_get_icon (window);
    if (!gdk_pixbuf_save (pbuf, tmp, "png", NULL, NULL))
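
Added example, not part of the original report and not the BAMF fix committed at revision 531: one common remediation for a SECURE_TEMP / CWE-377 finding is to let mkstemp() choose and create the file atomically and then write through the returned descriptor. The function name save_to_secure_temp, the "icon-XXXXXX" template and the byte buffer standing in for the encoded PNG are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for mkstemp() under strict -std modes */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: write len bytes to a freshly created private temp file.
 * Returns 0 and leaves the chosen path in path_out, or -1 on any failure. */
int save_to_secure_temp (const void *data, size_t len,
                         char *path_out, size_t path_len)
{
  const char *dir = getenv ("TMPDIR");
  if (!dir || !*dir)
    dir = "/tmp";
  int n = snprintf (path_out, path_len, "%s/icon-XXXXXX", dir);
  if (n < 0 || (size_t) n >= path_len)
    return -1;                      /* template did not fit */

  /* Unlike tmpnam(), mkstemp() both picks the name and opens it with
   * O_CREAT|O_EXCL and mode 0600, so there is no window between choosing
   * the name and creating the file, and an existing file or symlink at
   * that name is never opened. */
  int fd = mkstemp (path_out);
  if (fd < 0)
    return -1;

  const char *p = data;
  while (len > 0)
    {
      ssize_t w = write (fd, p, len);
      if (w < 0 && errno == EINTR)
        continue;
      if (w < 0)
        {
          close (fd);
          unlink (path_out);        /* do not leave a partial file behind */
          return -1;
        }
      p += w;
      len -= (size_t) w;
    }
  if (close (fd) != 0)
    return unlink (path_out), -1;
  return 0;
}
```

The data is written through the descriptor rather than by reopening the path, which is what keeps the name from being swapped between creation and use.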

Product Strategy Coverity Bug Uploader (coverity-uploader) wrote : bamf-trunk: /tmp/buildd/bamf-0.4.0daily13.01.11/src/bamf-legacy-window.c

Source file with Coverity annotations.

Changed in bamf:
importance: Undecided → Low
PS Jenkins bot (ps-jenkins) wrote :

Fix committed into lp:bamf at revision 531, scheduled for release in bamf, milestone 0.4.0

Changed in bamf:
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bamf - 0.4.0daily13.05.02-0ubuntu1

---------------
bamf (0.4.0daily13.05.02-0ubuntu1) saucy; urgency=low

  [ Marco Trevisan (Treviño) ]
  * debian/control:
    - Update the libwnck-3-dev dependency to 3.4.5

  [ Marco Trevisan (Treviño) <mail@3v1n0.net>, Alexandre Abreu ]
  * Webapps launchers have incorrect window matching (pips) (LP:
    #1059475)

  [ Marco Trevisan (Treviño) ]
  * Coverity SECURE_TEMP - CID 10450 (LP: #1100551)
  * Matcher leaks memory when rematching a new desktop file (LP:
    #1169990)
  * Coverity DEADCODE - CID 10447 (LP: #1100554)
  * Coverity REVERSE_INULL - CID 12653 (LP: #1100553)
  * Webapps launchers have incorrect window matching (pips) (LP:
    #1059475)

  [ Ubuntu daily release ]
  * Automatic snapshot from revision 533
 -- Ubuntu daily release <email address hidden> Thu, 02 May 2013 22:59:03 +0000

Changed in bamf (Ubuntu):
status: New → Fix Released
description: updated
description: updated
Changed in bamf:
status: Fix Committed → Fix Released
no longer affects: bamf/0.4
Changed in bamf (Ubuntu):
assignee: nobody → Marco Trevisan (Treviño) (3v1n0)
Changed in bamf (Ubuntu Raring):
status: New → Fix Released
Adam Conrad (adconrad) wrote : Please test proposed package

Hello Product, or anyone else affected,

Accepted bamf into raring-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/bamf/0.4.0daily13.06.19~13.04-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-needed
Changed in bamf (Ubuntu Raring):
status: Fix Released → Fix Committed
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bamf - 0.4.0daily13.06.19~13.04-0ubuntu1

---------------
bamf (0.4.0daily13.06.19~13.04-0ubuntu1) raring; urgency=low

  [ Marco Trevisan (Treviño) ]
  * Makefile.am.gtests, Makefile.am.coverage: add missing entries to
    allow building in jenkins. (LP: #1192216)
  * Makefile.am.gtests: kill the launched dbus-daemon after running the
    tests. (LP: #1088696)

  [ Łukasz 'sil2100' Zemczak ]
  * Automatic snapshot from revision 540

  [ Ubuntu daily release ]
  * Automatic snapshot from revision 541

bamf (0.4.0daily13.05.31~13.04-0ubuntu1) raring; urgency=low

  [ Marco Trevisan (Treviño) ]
  * Releasing Bamf-0.4.0
  * libbamf: BamfApplication: cache MimeTypes and ApplicationType on
    favorite and sticky apps. (LP: #1183871)

  [ Ubuntu daily release ]
  * Automatic snapshot from revision 536

bamf (0.4.0daily13.05.08~13.04-0ubuntu1) raring; urgency=low

  [ Marco Trevisan (Treviño) ]
  * debian/control:
    - Update the libwnck-3-dev dependency to 3.4.5

  [ Timo Jyrinki ]
  * Set Vcs-Bzr url to 0.4 for this raring branch

  [ Marco Trevisan (Treviño) <mail@3v1n0.net>, Alexandre Abreu ]
  * Webapps launchers have incorrect window matching (pips) (LP:
    #1059475)

  [ Marco Trevisan (Treviño) ]
  * Coverity SECURE_TEMP - CID 10450 (LP: #1100551)
  * Matcher leaks memory when rematching a new desktop file (LP:
    #1169990)
  * Coverity DEADCODE - CID 10447 (LP: #1100554)
  * Coverity REVERSE_INULL - CID 12653 (LP: #1100553)
  * Webapps launchers have incorrect window matching (pips) (LP:
    #1059475)

  [ Ubuntu daily release ]
  * Automatic snapshot from revision 533
 -- Ubuntu daily release <email address hidden> Wed, 19 Jun 2013 02:01:50 +0000

Changed in bamf (Ubuntu Raring):
status: Fix Committed → Fix Released
Scott Kitterman (kitterman) wrote : Update Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates, please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.
