From d726eaf6170d89ccd52619a27fba0c396e1687d1 Mon Sep 17 00:00:00 2001
From: Christophe CURIS <christophe.curis@free.fr>
Date: Sat, 15 Nov 2014 19:40:51 +0100
Subject: [PATCH] wmaker: fixes in function 'UnescapeWM_CLASS' (Coverity
 #50101, #50186, #50187)

As coverity found a number of problem in the code, a few changes are made
to the function:
 - allocate better sizes for the strings (the original code allocated too
much room in many cases and missed the room for the final '\0' in a case)
 - do not free strings if empty anymore (the actual check was not correct
anyway), but avoid allocating in first place if it is not necessary.

Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
---
 src/misc.c | 48 +++++++++++++++++++++---------------------------
 1 file changed, 21 insertions(+), 27 deletions(-)

diff --git a/src/misc.c b/src/misc.c
index b4c71023..3e73ff8f 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -862,16 +862,14 @@ char *EscapeWM_CLASS(const char *name, const char *class)
 static void UnescapeWM_CLASS(const char *str, char **name, char **class)
 {
 	int i, j, k, dot;
+	int length_of_name;
 
 	j = strlen(str);
-	*name = wmalloc(j);
-	**name = 0;
-	*class = wmalloc(j);
-	**class = 0;
 
 	/* separate string in 2 parts */
+	length_of_name = 0;
 	dot = -1;
-	for (i = 0; i < j; i++) {
+	for (i = 0; i < j; i++, length_of_name++) {
 		if (str[i] == '\\') {
 			i++;
 			continue;
@@ -881,31 +879,27 @@ static void UnescapeWM_CLASS(const char *str, char **name, char **class)
 		}
 	}
 
-	/* unescape strings */
-	for (i = 0, k = 0; i < dot; i++) {
-		if (str[i] == '\\') {
-			continue;
-		} else {
-			(*name)[k++] = str[i];
+	/* unescape the name */
+	if (length_of_name > 0) {
+		*name = wmalloc(length_of_name + 1);
+		for (i = 0, k = 0; i < dot; i++) {
+			if (str[i] != '\\')
+				(*name)[k++] = str[i];
 		}
-	}
-	(*name)[k] = 0;
-
-	for (i = dot + 1, k = 0; i < j; i++) {
-		if (str[i] == '\\') {
-			continue;
-		} else {
-			(*class)[k++] = str[i];
-		}
-	}
-	(*class)[k] = 0;
-
-	if (!*name) {
-		wfree(*name);
+		(*name)[k] = '\0';
+	} else {
 		*name = NULL;
 	}
-	if (!*class) {
-		wfree(*class);
+
+	/* unescape the class */
+	if (dot < j-1) {
+		*class = wmalloc(j - (dot + 1) + 1);
+		for (i = dot + 1, k = 0; i < j; i++) {
+			if (str[i] != '\\')
+				(*class)[k++] = str[i];
+		}
+		(*class)[k] = 0;
+	} else {
 		*class = NULL;
 	}
 }