gryf/wmaker
1
0
Fork 0
mirror of https://github.com/gryf/wmaker.git synced 2025-12-19 20:38:08 +01:00
Code Issues Projects Releases Wiki Activity

Avoid buffer overrun in parseMenuCommand.

Browse Source 
In parseMenuCommand, title[300] might get filled with a string of length
300.  The string is copied with strcpy, therefore the size would have to be
301 or -- as I propose -- the fixed value 300 gets replaced with
"sizeof(title) - 1".  This shows also that the size 300 belongs to title
and it will already be replaced during compile-time into 299.
This commit is contained in:
Tobias Stoeckmann
2012-05-05 11:06:15 +02:00
committed by Carlos R. Mafra
parent 6bc550d91b
commit 33328d997e
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/appmenu.c
View File

@@ -92,7 +92,7 @@ static WMenu *parseMenuCommand(WScreen * scr, Window win, char **slist, int coun
char title[300]; char title[300];
char rtext[300]; char rtext[300];
if (strlen(slist[*index]) > 300) { if (strlen(slist[*index]) > sizeof(title) - 1) {
wwarning("appmenu: menu command size exceeded in window %lx", win); wwarning("appmenu: menu command size exceeded in window %lx", win);
return NULL; return NULL;
} }