gryf/wmaker
1
0
Fork 0
mirror of https://github.com/gryf/wmaker.git synced 2025-12-19 12:28:22 +01:00
Code Issues Projects Releases Wiki Activity

wmaker: change strcpy to the version with size check (Coverity #50217)

Browse Source 
As pointed by Coverity, there were a number of copies done into fixed-size
buffer, it's safer to use the function that sets a limit on the size to
avoid a crash.

Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
This commit is contained in:
Christophe CURIS
2014-11-29 16:35:20 +01:00
committed by Carlos R. Mafra
parent 1b00071c26
commit aa8ade1ef1
1 changed files with 7 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/appmenu.c
View File

@@ -90,15 +90,14 @@ static WMenu *parseMenuCommand(WScreen * scr, Window win, char **slist, int coun
char title[300]; char title[300];
char rtext[300]; char rtext[300];
if (strlen(slist[*index]) > sizeof(title) - 1) {
wwarning("appmenu: menu command size exceeded in window %lx", win);
return NULL;
}
if (sscanf(slist[*index], "%i %i %n", &command, &code, &pos) < 2 || command != wmBeginMenu) { if (sscanf(slist[*index], "%i %i %n", &command, &code, &pos) < 2 || command != wmBeginMenu) {
wwarning("appmenu: bad menu entry \"%s\" in window %lx", slist[*index], win); wwarning("appmenu: bad menu entry \"%s\" in window %lx", slist[*index], win);
return NULL; return NULL;
} }
strcpy(title, &slist[*index][pos]); if (wstrlcpy(title, &slist[*index][pos], sizeof(title)) >= sizeof(title)) {
wwarning("appmenu: menu command size exceeded in window %lx", win);
return NULL;
}
menu = wMenuCreateForApp(scr, title, *index == 1); menu = wMenuCreateForApp(scr, title, *index == 1);
if (!menu) if (!menu)
return NULL; return NULL;
@@ -128,7 +127,7 @@ static WMenu *parseMenuCommand(WScreen * scr, Window win, char **slist, int coun
slist[*index], win); slist[*index], win);
return NULL; return NULL;
} }
strcpy(title, &slist[*index][pos]); wstrlcpy(title, &slist[*index][pos], sizeof(title));
rtext[0] = 0; rtext[0] = 0;
} else { } else {
if (sscanf(slist[*index], "%i %i %i %i %s %n", if (sscanf(slist[*index], "%i %i %i %i %s %n",
@@ -138,7 +137,7 @@ static WMenu *parseMenuCommand(WScreen * scr, Window win, char **slist, int coun
slist[*index], win); slist[*index], win);
return NULL; return NULL;
} }
strcpy(title, &slist[*index][pos]); wstrlcpy(title, &slist[*index][pos], sizeof(title));
} }
if (!(data = malloc(sizeof(WAppMenuData)))) { if (!(data = malloc(sizeof(WAppMenuData)))) {
wwarning("appmenu: out of memory making menu for window %lx", win); wwarning("appmenu: out of memory making menu for window %lx", win);
@@ -174,7 +173,7 @@ static WMenu *parseMenuCommand(WScreen * scr, Window win, char **slist, int coun
return NULL; return NULL;
} }
strcpy(title, &slist[*index][pos]); wstrlcpy(title, &slist[*index][pos], sizeof(title));
*index += 1; *index += 1;
submenu = parseMenuCommand(scr, win, slist, count, index); submenu = parseMenuCommand(scr, win, slist, count, index);