From 9fa4fbef91139b3cba1f1981cb07cd2999cae48a Mon Sep 17 00:00:00 2001 From: Samir SAADA Date: Sun, 19 Apr 2009 23:23:46 +0200 Subject: [PATCH] Fix workspace limit segfault wmaker keeps the names of all workspaces together in the string 'buf' with fixed length of 1024, therefore allowing buffer overflows if the number of workspaces is big enough. For the default names "Workspace X" (from 1 to 9) and "Workspace XX" (from 10 to 99) etc, the approximate number of workspaces necessary to make the buffer overflow occur is 80, because (11*9) + (71*12) + 80 = 1031 The fix is to set the size of 'buf' as the maximum number of workspaces times their maximum name length. The problem was reported by John H. Robinson in the wmaker-dev list ( http://lists.windowmaker.info/dev/msg00214.html ): "http://www.youtube.com/watch?v=fkNJZvKwmhE Michael reported a problem with Window Maker where it crashes with a SIGSGV when trying to create an 82nd workspace. /usr/local/WindowMaker-0.92.1pre/bin/wmaker warning: Window Maker exited due to a crash (signal 11) and will be restarted. I was able to reproduce it by making 81 workspaces, then creating an 82nd." [ crmafra: Wrote the changelog ] --- src/wmspec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/wmspec.c b/src/wmspec.c index 7e395dfa..84f81cc0 100644 --- a/src/wmspec.c +++ b/src/wmspec.c @@ -826,7 +826,7 @@ updateCurrentWorkspace(WScreen *scr) /* changeable */ static void updateWorkspaceNames(WScreen *scr) { - char buf[1024], *pos; + char buf[MAX_WORKSPACES*(MAX_WORKSPACENAME_WIDTH+1)], *pos; unsigned int i, len, curr_size; pos = buf;
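Review bot: The new size in `+ char buf[MAX_WORKSPACES*(MAX_WORKSPACENAME_WIDTH+1)], *pos;` only removes the overflow if every name written into `buf` is really capped at MAX_WORKSPACENAME_WIDTH characters and the workspace count at MAX_WORKSPACES; the visible context (`pos = buf;` and the `len, curr_size` locals) shows no length check at the point where names are copied, so a name longer than that width, or a count above that limit, would still write past the end of the array. Consider bounding the copy against `sizeof(buf)` (skip or truncate a name once `pos + len + 1` would exceed `buf + sizeof(buf)`), or computing the total length of all names first and allocating the buffer on the heap, which also avoids a fixed stack array whose size, depending on the values of the two macros, may be considerably larger than the previous 1024 bytes. The commit message should also state where MAX_WORKSPACES and MAX_WORKSPACENAME_WIDTH are defined and that they are enforced at workspace creation and renaming, since the fix relies on both.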