gryf/wmaker
1
0
Fork 0
mirror of https://github.com/gryf/wmaker.git synced 2025-12-19 04:20:27 +01:00
Code Issues Projects Releases Wiki Activity

WPrefs: fix memory leak and potential buffer overflow

Browse Source 
Coverity pointed that the "text" returned by WMGetTextFieldText was never
freed (CID #331578, because WMSetTextFieldText does its own copy, it does
not take the pointer as-is).

By looking at the code, there is also a potential buffer overflow because
the buffer alloc'd for "value" is sized for the exact number of digits
before increase, but the +delta can make the number use more digits so we
may write past the end of original buffer.
We write to a stack-allocated one, so it does not cost anything and does
not participates to memory fragmentation.

Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
This commit is contained in:
Christophe CURIS
2021-05-14 19:06:43 +02:00
committed by Carlos R. Mafra
parent 58862300f9
commit fd56152202
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
WPrefs.app/Expert.c
View File

@@ -146,15 +146,16 @@ typedef struct _Panel {
static void changeIntTextfield(void *data, int delta) static void changeIntTextfield(void *data, int delta)
{ {
WMTextField *textfield; WMTextField *textfield;
char *text; char *text, buffer[12];
int value; int value;
textfield = (WMTextField *)data; textfield = (WMTextField *)data;
text = WMGetTextFieldText(textfield); text = WMGetTextFieldText(textfield);
value = atoi(text); value = atoi(text);
wfree(text);
value += delta; value += delta;
sprintf(text, "%d", value); sprintf(buffer, "%d", value);
WMSetTextFieldText(textfield, text); WMSetTextFieldText(textfield, buffer);
} }
static void downButtonCallback(WMWidget *self, void *data) static void downButtonCallback(WMWidget *self, void *data)