This bug was fixed in the package compiz -
1:0.9.12.0+15.04.20141210.2-0ubuntu1
---------------
compiz (1:0.9.12.0+15.04.20141210.2-0ubuntu1) vivid; urgency=medium
[ James Jones ]
* Added support for GL_EXT_x11_sync_object OpenGL extension for Nvidia
based GPUs to avoid screen refresh issues. (LP: #269904)
[ Kyle Brenneman ]
* Added support for GL_EXT_x11_sync_object OpenGL extension for Nvidia
based GPUs to avoid screen refresh issues. (LP: #269904)
[ Viktor A. Danilov ]
* Added support for GL_EXT_x11_sync_object OpenGL extension for Nvidia
based GPUs to avoid screen refresh issues. (LP: #269904)
[ Chris Townsend ]
* Added support for GL_EXT_x11_sync_object OpenGL extension for Nvidia
based GPUs to avoid screen refresh issues. (LP: #269904)
[ Stephen M. Webb ]
* Added support for GL_EXT_x11_sync_object OpenGL extension for Nvidia
based GPUs to avoid screen refresh issues. (LP: #269904)
* libdecoration/CMakeLists.txt: use correct variable for link
directories (LP: #1392715)
* Switcher Plugin: renamed a local variable so it does not hide a
function parameter. (LP: #1101585)
* added support for multi-arch installations (LP: #1395105, #959282)
* libcompizconfig: reorder stat() and open() calls to eliminate a race
condition (LP: #1101608)
* dodge plugin: avoid potential null pointer dereferences (LP:
#1101554)
* PrivateScreen unit tests: added additional assertions to verify the
tests are run in an expected state (LP: #1101413)
[ Ubuntu daily release ]
* New rebuild forced
[ Brandon Schaefer ]
* Rev 3891 change caused 2 known regressions. (Could be more).
Reverting. (LP: #1398512, #1393020)
-- Ubuntu daily release <[email protected]> Wed, 10 Dec 2014
19:52:06 +0000
** Changed in: compiz (Ubuntu)
Status: New => Fix Released
--
https://bugs.launchpad.net/bugs/1101608
Title:
Coverity TOCTOU - CID 12544 -
compizconfig/libcompizconfig/src/compiz.cpp - in function:
loadOptionsStringExtensionsFromXML(_CCSPlugin *, void *, stat *) -
Calling function "stat(char const *, stat *)" to perform check on
"pPrivate->xmlFile" in line 3174, 3 lines later calling function
"fopen(char const *, char const *)" that uses "pPrivate->xmlFile"
after a check function. This can cause a time-of-check, time-of-use
race condition.
Status in Compiz:
In Progress
Status in Compiz 0.9.9 series:
Won't Fix
Status in compiz package in Ubuntu:
Fix Released
Bug description:
This bug is exported from the Coverity Integration Manager on Canonical's
servers. For information on how this is done please see this website:
https://wiki.ubuntu.com/CanonicalProductStrategy/Coverity
CID: 12544
Checker: TOCTOU
Category: No category available
CWE definition: http://cwe.mitre.org/data/definitions/367.html
File:
/tmp/buildd/compiz-0.9.9~daily13.01.14/compizconfig/libcompizconfig/src/compiz.cpp
Function: loadOptionsStringExtensionsFromXML(_CCSPlugin *, void *, stat *)
Code snippet:
3170 xmlDoc *doc = NULL;
3171 xmlNode **nodes;
3172 int num;
3173
CID 12544 - TOCTOU
Calling function "stat(char const *, stat *)" to perform check on
"pPrivate->xmlFile".
3174 if (stat (pPrivate->xmlFile, xmlStat))
3175 return;
3176
CID 12544 - TOCTOU
Calling function "fopen(char const *, char const *)" that uses
"pPrivate->xmlFile" after a check function. This can cause a time-of-check,
time-of-use race condition.
3177 FILE *fp = fopen (pPrivate->xmlFile, "r");
3178 if (!fp)
3179 return;
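
The changelog entry above describes the fix as reordering the stat() and open() calls. One way such a reorder can look, as an added example that is not the compiz patch and not code from this bug report: open the file first, then take the metadata from the open descriptor with fstat(). The names open_then_fstat and swap_after_open_demo and the /tmp file names are assumptions made for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>

/* Hypothetical helper: open `path` and fill `st` from the open descriptor,
 * so the metadata and the bytes read later belong to the same inode. */
FILE *open_then_fstat(const char *path, struct stat *st)
{
    FILE *fp = fopen(path, "r");
    if (!fp)
        return NULL;
    if (fstat(fileno(fp), st) != 0 || !S_ISREG(st->st_mode)) {
        fclose(fp);
        return NULL;
    }
    return fp;
}

/* Constructed scenario: the path is replaced after the file was opened.
 * Returns 1 if the descriptor-based metadata still describes the file being
 * read while a path-based stat() now describes the replacement. */
int swap_after_open_demo(void)
{
    char a[] = "/tmp/toctou_a_XXXXXX", b[] = "/tmp/toctou_b_XXXXXX";
    int fa = mkstemp(a), fb = mkstemp(b);
    if (fa < 0 || fb < 0)
        return -1;
    if (write(fa, "<old/>", 6) != 6 || write(fb, "<replaced/>", 11) != 11)
        return -1;
    close(fa);
    close(fb);

    struct stat by_fd, by_path;
    FILE *fp = open_then_fstat(a, &by_fd);
    if (!fp)
        return -1;
    if (rename(b, a) != 0 || stat(a, &by_path) != 0) /* path now names the other inode */
        return -1;

    char buf[16] = {0};
    size_t n = fread(buf, 1, sizeof buf - 1, fp);
    fclose(fp);
    unlink(a);
    /* fstat() size matches the bytes actually read; stat() on the path does not */
    return by_fd.st_ino != by_path.st_ino &&
           (size_t)by_fd.st_size == n && (size_t)by_path.st_size != n;
}
```

With the original stat()-then-fopen() order, the same swap between the two calls would leave xmlStat describing one file and fp reading another.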