** Changed in: nux (Ubuntu)
       Status: New => Fix Released

** Changed in: nux (Ubuntu)
   Importance: Undecided => Medium

https://bugs.launchpad.net/bugs/937573

Title:
  Coverity SECURE_CODING - CID 10658

Status in Nux:
  Fix Released
Status in Nux 4.0 series:
  Fix Released
Status in nux package in Ubuntu:
  Fix Released

Bug description:
  This bug is exported from the Coverity Integration Manager on
  Canonical's servers. For information on how this is done please see
  this website:
  https://wiki.ubuntu.com/CanonicalProductStrategy/Coverity

  CID: 10658
  Checker: SECURE_CODING
  Category: No category available
  CWE definition: http://cwe.mitre.org/data/definitions/676.html
  File: /tmp/buildd/nux-2.4.0/NuxCore/TinyXML/tinyxml.cpp
  Function: TiXmlAttribute::QueryDoubleValue(double *) const

  Code snippet:
  1397 }
  1398
  1399 int TiXmlAttribute::QueryDoubleValue ( double *dval ) const
  1400 {
  CID 10658 - SECURE_CODING
  [VERY RISKY]. Using "sscanf" can cause a buffer overflow when done
  incorrectly. sscanf() assumes an arbitrarily large string, so callers
  must use correct precision specifiers or never use sscanf(). Use
  correct precision specifiers or do your own parsing.
  1401     if ( TIXML_SSCANF ( value.c_str(), "%lf", dval ) == 1 )
  1402         return TIXML_SUCCESS;
  1403
  1404     return TIXML_WRONG_TYPE;
  1405 }
  1406