Compiz

Coverity SECURE_CODING - CID 12519

Bug #1101565 reported by Product Strategy Coverity Bug Uploader
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Compiz
Fix Released
Medium
MC Return
0.9.9
Fix Released
Medium
MC Return
compiz (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https://wiki.ubuntu.com/CanonicalProductStrategy/Coverity
CID: 12519
Checker: SECURE_CODING
Category: No category available
CWE definition: http://cwe.mitre.org/data/definitions/676.html
File: /tmp/buildd/compiz-0.9.9~daily13.01.14/plugins/water/src/water.cpp
Function: WaterScreen::waterSetup()
Code snippet:
263 program[SET] = new GLProgram (set_water_vertices_vertex_shader,
264 set_water_vertices_fragment_shader);
265
266 if (target == GL_TEXTURE_2D)
CID 12519 - SECURE_CODING
[VERY RISKY]. Using "sprintf" can cause a buffer overflow when done incorrectly. Because sprintf() assumes an arbitrarily long string, callers must be careful not to overflow the actual space of the destination. Use snprintf() instead, or correct precision specifiers.
267 sprintf (buf, update_water_vertices_fragment_shader.c_str (),
268 "2D", "2D",
269 1.0f / (float) texWidth, 1.0f / (float) texWidth,
270 1.0f / (float) texHeight, 1.0f / (float) texHeight,
271 "2D", "2D", "2D", "2D");
272 else

Related branches

lp:~mc-return/compiz/compiz.merge-fix1101641-use-snprintf-instead-of-sprintf
Sam Spilsbury: Approve
PS Jenkins bot: Pending (continuous-integration) requested
Diff: 133 lines (+12/-12)
7 files modified
libdecoration/decoration.c (+1/-1)
plugins/composite/src/screen.cpp (+1/-1)
plugins/dbus/src/dbus.cpp (+2/-2)
plugins/loginout/src/loginout.cpp (+2/-2)
plugins/screenshot/src/screenshot.cpp (+1/-1)
plugins/water/src/water.cpp (+3/-3)
src/screen.cpp (+2/-2)
lp:ubuntu/raring/compiz
Revision history for this message
Product Strategy Coverity Bug Uploader (coverity-uploader) wrote : compiz-0.9.9: /tmp/buildd/compiz-0.9.9~daily13.01.14/plugins/water/src/water.cpp

Source file with Coverity annotations.

Changed in compiz:
importance: Undecided → Medium
PS Jenkins bot (ps-jenkins)
Changed in compiz:
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package compiz - 1:0.9.9~daily13.02.04-0ubuntu1

---------------
compiz (1:0.9.9~daily13.02.04-0ubuntu1) raring; urgency=low

  [ Marco Trevisan (Treviño) ]
  * Spread - Window glow is incorrectly painted in the screen when
    switching spreaded application (LP: #1109805)

  [ MC Return ]
  * Coverity MISSING_BREAK - CID 12463 (LP: #1101561)
  * Thumbnail plugin: Window title text is rendered into transparency
    and glow/background are too large (LP: #1099100)
  * Showmouse plugin code: Needs cleanup (LP: #1105969)
  * Coverity SECURE_CODING - CID 10019 (LP: #957582)
  * Coverity SECURE_CODING - CID 12511 (LP: #1101605)
  * Coverity SECURE_CODING - CID 12512 (LP: #1101571)
  * Keyboard shortcut overlay says Ctrl+Super+Down "minimises" the
    current window, but it doesn't (LP: #966099)
  * Coverity SECURE_CODING - CID 10020 (LP: #957587)
  * Coverity SECURE_CODING - CID 12529 (LP: #1101641)
  * Coverity MISSING_BREAK - CID 12464 (LP: #1101549)
  * Coverity SECURE_CODING - CID 12519 (LP: #1101565)
  * Coverity SECURE_CODING - CID 12516 (LP: #1101499)
  * [GLES] Showmouse plugin needs port to OpenGL|ES (LP: #1106270)

  [ Automatic PS uploader ]
  * Automatic snapshot from revision 3594
 -- Automatic PS uploader <email address hidden> Mon, 04 Feb 2013 04:01:58 +0000

Changed in compiz (Ubuntu):
status: New → Fix Released
Stephen M. Webb (bregma)
Changed in compiz:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.