From d90c8d5370fc658b962671c534929972c832a61f Mon Sep 17 00:00:00 2001
From: Christophe CURIS <christophe.curis@free.fr>
Date: Mon, 16 Jun 2014 20:15:28 +0200
Subject: [PATCH] util: add check for size validity (Coverity #50224)

As pointed by Coverity, when reading the size of data using 'readmsg' that
size cannot be fully trusted (possibly in case of bugs in present case),
so this patch adds a check to ensure it is valid before continuing.

Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
---
 util/wmsetbg.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/util/wmsetbg.c b/util/wmsetbg.c
index 67479509..c25d60bf 100644
--- a/util/wmsetbg.c
+++ b/util/wmsetbg.c
@@ -918,6 +918,14 @@ static noreturn void helperLoop(RContext * rc)
 		memcpy(buf, buffer, 4);
 		buf[4] = 0;
 		size = atoi(buf);
+		if (size < 0 || size > sizeof(buffer)) {
+			wfatal("received invalid size %d for message from WindowMaker", size);
+			quit(1);
+		}
+		if (size == 0) {
+			werror("received 0-sized message from WindowMaker, trying to continue");
+			continue;
+		}
 
 		/* get message */
 		if (readmsg(0, buffer, size) < 0) {