** Changed in: unity (Ubuntu Precise)
       Status: New => Fix Released
-- 
You received this bug notification because you are a member of DX Packages, which is subscribed to nux in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/937564

Title:
  Coverity SECURE_CODING - CID 10659

Status in Nux:
  Fix Released
Status in Nux 2.0 series:
  Fix Committed
Status in Nux 4.0 series:
  Fix Released
Status in Unity:
  Fix Released
Status in nux package in Ubuntu:
  Fix Released
Status in unity package in Ubuntu:
  Fix Released
Status in unity source package in Precise:
  Fix Released

Bug description:
  This bug is exported from the Coverity Integration Manager on
  Canonical's servers. For information on how this is done please see
  this website:
  https://wiki.ubuntu.com/CanonicalProductStrategy/Coverity

  CID: 10659
  Checker: SECURE_CODING
  Category: No category available
  CWE definition: http://cwe.mitre.org/data/definitions/676.html
  File: /tmp/buildd/nux-2.4.0/tools/unity_support_test.c
  Function: main()
  Code snippet:
  844      free (results.error);
  845
  846      // drop result file
  847      if (results.result != 5) {

  CID 10659 - SECURE_CODING
  [VERY RISKY]. Using "sprintf" can cause a buffer overflow when done
  incorrectly. Because sprintf() assumes an arbitrarily long string,
  callers must be careful not to overflow the actual space of the
  destination. Use snprintf() instead, or correct precision specifiers.

  848        sprintf(resultfilename, "/tmp/unity_support_test.%i", results.result);
  849        resultfile = open(resultfilename, O_CREAT|O_WRONLY|O_EXCL, 0666);
  850        if (resultfile > 0)
  851          close(resultfile);
  852      }
  853