As pointed by Coverity, there is a NULL pointer check at the end of the
function 'deleteFile' (which happens to not be necessary because wfree was
made to accept NULL pointers), however there are many things done before
that assumes the pointer is not NULL. The check is moved to where it
matters.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As pointed by Coverity, the variable 'dir' is passed by reference because
the function may update it; as it is never NULL (the function is local)
checking for that does not make sense. From the actual usage, it seems
logical that the check should have been on the value, not on the pointer.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As pointed by Coverity, the code was checking for NULL pointer to avoid
misbehaviour, but it actually dereferenced the pointer beforehand so the
crash would still happen.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As pointed by Coverity, the data returned by WMGetTextSelectedStream are
actually a newly allocated buffer, so we need to release it when we're done
with it.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As pointed by Coverity, the array used to build the result for the
function 'getStreamObjects' could leak in case of early return.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As reported by Coverity, in the (rare) case where the wstrlcat would fail
the array for the result would not be freed before returning.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As reported by Coverity, the function 'WMGetTextFieldText' allocates memory
to generate the result string, so it has to be freed.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As pointed by Coverity, there is a small check for NULL pointer when
handling triple-click selection in a WMText, however this check is only
partially implemented so the code would crash later anyway.
This patch implement an appropriate skip to avoid crash, and includes a
log message to help debug if the case happens.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As pointed by Coverity, despite apparent checks the function would fail if
trying to set a NULL title. Instead of trying to do over-complicated things
we just ignore (with a warning if NDEBUG is not set) the case. If user
wants an empty title, the correct way is to provide "" as we're not able to
remove a title.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As pointed by coverity, the case 'index < 0' cannot be true because it was
already earlier and handled with an early return.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Since 'foo' and 'bar' are not being multiplied...
Done automatically with the sed script:
/^[a-zA-Z][a-zA-Z]*.*(/{
s/ \* \([a-zA-Z]\)/ *\1/g
}
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
The information about the File, Line and Function name that were included
in the assertion message are already present from the 'wwarning' macro, so
it is not necessary to include them in the macro's message.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
In many places of the code these functions are counting on the "return"
effect of these macros to gracefully handle incorrect arguments. So, when
debug is not enabled, if it is okay to not display a message it is however
not good to completely skip the check and skip the early return.
This patch changes the macro to always perform the check and return to
avoid crashes, displaying a message only when NDEBUG is not set.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As reported by coverity, calling 'wexpandpath' with a path that contains
either '$()', '$(\0' or '$\0' would cause an undefined behaviour because
the 'buffer2' would be uninitialised.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As pointed by Coverity (#50226), the function getenv can return unreliable
data, so if a sensitive application makes uses of the function 'wgethomedir'
or 'wusergnusteppath' we'd better use the GNU function secure_getenv which
ignore environment variable when used in a known critical cases.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As pointed by Coverity, the type used to calculate the size to allocate was
not the right one. It now gets the compiler to deduce it from the variable
for which the memory is allocated.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As pointed by Coverity, the return value of the function 'wdefaultspathfordomain'
cannot be NULL, so it is not necessary to check for that.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As pointed by Coverity, the macro RETRY does not behave as expected, as it
assumes that errno is cleared on successful 'fopen' call which is not the
case.
This patch removes the uses of the macro RETRY:
- fopen: with the appropriate check
- fread/fwrite: nothing because they do not set errno
- fclose: nothing because retrying is not recommended
and took the opportunity to add a little bit more information in the error
messages.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
The function wrealloc never fails, and allocates enough storage to store
the resulting string, so it is useless to check if strcat failed.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As pointed by Coverity (#50074), despite the expected behaviour that
'wmalloc' should never return NULL, it may still happen if an abort handler
set by user (with wsetabort) does not call exit() as expected. In such
case we call exit ourself to be sure not to return NULL.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As pointed by Coverity, if the user does not a an entry in the password
file then the function would assume its home path to be "/" but still
continue and later try to check for user->pw_dir which would dereference
the NULL pointer.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
The original code did have a few weaknesses, including:
- possible buffer overflow, if the translation was too long;
- possible crash, if either instance or class is NULL but not both
Now the appropriate length is calculated (not counting on a margin) and the
string is generated with the available elements.
As a side note, the variable was renamed from 'tmp' to 'title' for clarity.
This was highlighted by cppcheck (thanks to David Maciejak) and by
Coverity (bug #50078).
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
moving scr initialization after WApplication existing test
to prevent crashing in case wapp is null
Acked-by: Christophe CURIS <christophe.curis@free.fr>
It is not necessary to call them when the command is not executable.
Took opportunity to change parameter to XSync which is supposed to be a
'Bool' type from Xlib, which means either True or False.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
This allow compiler to raise a warning in case a new value would be added
to the enum; it also change order in the check so that WMGetButtonSelected
will be called only once, only for the case of interest.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As part of the process, some #defines were turned into enums. Also, the *_COL
when needed.
This brings the code for colors in line with the code for textures, and
allows us to use them as array indices to improve readability, e.g.,
colorOptions[MTITLE_COL] instead of colorOptions[3].
The manpages for getstyle and setstyle have not been updated and were missing
some options. This patch brings them up to date.
In addition, the *TitleExtendSpace options were appearing twice in getstyle.c.
One of the unnecessary sets was removed.
WPrefs.app/Appearances.c contained code for an unfinished feature
in the appearances panel of WPrefs, a tab for setting the background.
Since this feature has now been implemented as part of the texture
tab (see commit c2aca1a ("WPrefs: Set workspace background")), there
is no reason to keep this code.
