As reported by Charles Philip Chan, WPrefs would get into infinite loop
when the support for Pango is enabled.
The problem is due to long strings that are broken into multiple lines by
WINGs. This is done in an iterative process in the internal function
'fitText'.
In order to avoid the cost of duplicating many times the sub-strings, the
functions involved do not place a NUL at the string-splitting position, but
they rely instead on giving the length of the string as a parameter.
The code that checks the Pango text (to avoid re-submitting the string when
not needed) did not use that length, so it would always keep the original
string that is too long, so the fitText function would always receive the
same result and loop forever trying to find where to split the string.
This patch adds the check on the length, so Pango is given the appropriate
string for its pixel size calculation.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As pointed by Germán Arias, some windows in GNUstep did not have a title
bar because they declare themselves with the NET_WM type MENU.
A closer look at the spec shows that this type is meant for stuff like tear
off menus, and thus like for toolbar it is not expected that the
application does not want a titlebar, as opposite to DROPDOWN_MENU,
POPUP_MENU and COMBO.
So, this patch moves the case for TYPE_MENU to be the same as TYPE_TOOLBAR
and remove the flag that disables having a title bar.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As pointed by Coverity, the function blindly trust the data read from the
file, but in case of problem (corrupted file, not enough memory) it could
behave badly.
This patch adds a check for the depth, counts on RCreateImage to check the
width and height, and in any case it now includes a message for the user in
case he would like to understand what's wrong.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
As pointed by Coverity, if the Keysym name is very long and many modifiers
are used, the function 'capture_shortcut' could overflow its internal
buffer.
As the case is very unlikely to appear, do not increase the size of the internal
buffer (it seems to be already well sized, and we have no know maximum size
for a Keysym name), just use the appropriate function to append the name
at the end.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
Unfortunately this will lower the translation score for German, but the
translation guessed by fuzzy matching in gettext is not acceptable in the
current case: the translated string is already used for another entry in
the list, meaning that user would not see the difference between the two
and would probably then not understand why things do not behave the way he
expects.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
As pointed by Coverity, the sizeof used was not done on the right type.
This worked because the element was a pointer all pointers types have the
same size in most platforms.
For code maintainability, the code will now take the size from the first
element of the array to be sorted, so that if the structure gets changed
someday the expression will stay valid.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
There is a check a few line above that already return from the function
because there is nothing to do for that case, so the case statement cannot
be reached. As not all case are covered in that switch anyway that won't
make a difference, and because an 'int' is used instead of an 'enum' the
compiler will not be able complain anyway.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
The warning message was duplicated many times for each possible case, but
it could have used the same message everywhere, which ease the work of
translators. Took opportunity to include the complete command being
processed so that the user will know more about the problem and may be able
to fix it.
Updated the French translation to show the gain, but not the other
languages because it require more knowledge than what Google Translate can
provide me.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
As coverity pointed, the duplicated string was never freed. Considering
what is done with it, is not necessary to allocate a duplicate for it, it
is a waste of time and participates in memory fragmentation.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
As a previous patch modified some instances of the error message to include
more information to the user, it is a good idea to update also the other
uses of the message, so that:
- people helping on translation will have less messages to translate
- this mean we provide more information to the user in these places too,
which can help him solve the problem
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
As Coverity pointed, when building the command line to execute the current
code just assumed that it would fit in the large buffer. If user were to
provide a line too long, this would crash.
Factually this is probably not possible at current time because the command
given to the function was actually already limited to the MAXLINE size when
it was read, but this may not be guaranteed in future evolution.
Better safe than sorry, so the patch implement a size check when appending
strings, using a more efficient method (strcat re-parse the destination
string from the beginning to find its end every time).
Took the opportunity to:
- not include a trailing space at the end of the command
- do not run command if it was truncated (it could be a problem) but
provide a message to the user about it, so he may fix the problem
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
As coverity found a number of problem in the code, a few changes are made
to the function:
- allocate better sizes for the strings (the original code allocated too
much room in many cases and missed the room for the final '\0' in a case)
- do not free strings if empty anymore (the actual check was not correct
anyway), but avoid allocating in first place if it is not necessary.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
Coverity pointed that in the typical code path the function FindImage would
be called twice, leading in leakage of the allocated result from the first
call.
This patch updates the condition so that the case won't arise.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
As pointed by Coverity, the pointer cannot be null, otherwise the code
would have crashed earlier. As the code seems to always set a valid
pointer, there's no need to make a check there.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
When creating the environment variable for the sub-process that wmaker can
create, Coverity pointed that if was possible to crash if the name of the
display did not contain the ':', which is probably ok in most case, but we
can't be sure about what it could contain in special cases.
This patch adds a proper check so, at least, it would not crash if the case
were to arise.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
As pointed by Coverity, despite the numerous null pointer checks there is
still a case where one can pass trough and make wmaker crash.
This patch simplifies it all but making only one check at the beginning so
the code is safe and the remaining is simpler.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
As pointed by Coverity, text cannot be null in this part of code. The
analysis shows that if it were, the function wIconChangeImageFile would
have directed execution to the 'else' branch. (and if it hadn't, the code
would have crashed beforehand because 'strlen' does not like null pointers)
Coverity recommends to remove the unnecessary check for code the
maintainability.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
The variable is assigned a value that never change, so it adds extra
complexity which is not good for code maintainability. It is probable that
this was meant for cases that are handled in current code with early
function return, which are better for code readability.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
As pointed by Coverity, the 'cmd' is checked for null at the beginning of
the function, so the second case to handle the null pointer is not needed.
This also means that 'command' cannot be null (wstrdup never returns null)
so the code can also be simplified.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
Try to provide better messages to understand what went wrong, including
more information, and made them translatable;
Changed the call to 'dup' into 'dup2' which has a safer behaviour because
we can specify the target descriptor we want;
Removed a few check for the 'close()' because in these cases we do not
really care if they fail (we can't do anything about it and it just adds
noise in the logs).
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
As pointed by Coverity, the file descriptor used in 'dup' to become the
child process's STDIN is leaked, because it will not be used anymore, so we
close it after the dup.
Similarly, the file descriptors that represent the other ends of the pipe
for each process are useless, so let's close them too to keep a reasonable
number of opened file descriptors over time.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
In order to make code easier to maintain, the code related to creating the
Helper process (which helps by setting the background of the workspace) is
moved to a dedicated function, which have been moved to the same location
as the function for communicating with the helper.
Took opportunity to de-CamelCase the related names.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
There was a probable bug when reading settings, because the function used
was 'getInt' which would try to store the result in a 'char'. As it would
be probably easier for user to have the value directly in pixels, the
storage is now done in an int so there won't be problem anymore.
Changed the behaviour of the constant APERCU_BORDER, which would be assumed
to be the size of the border in pixel, but in previous code it was actually
the sum of the two border (1 on each side). All maths have been changed to
have it as a single border width.
Took opportunity to group variable assignation for titleHeight and
shortenTitle in a single place, because it is not convenient to have them
spread around (one value in the beginning and others later in the code) and
using default values prevents some checks that modern compiler can do to
help produce safer code.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
As pointed by Coverity, the return value is saved into a variable, but this
value is never used. As the variable is re-used afterwards, this
assignation could mislead on what is done, so for code maintainability the
value is just ignored.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
As pointed by Coverity, there was a check for null pointer on
scr->dock_dots, but this check was not made in the 2nd use of it, done if
the HIDDENDOT feature was enabled.
Investigation show that it is not possible that this pointer could be
created NULL, so let's remove the unneeded check.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
As pointed by Coverity, it is possible that RCreateContext fails for more
reasons that were handled by wScreenInit, so we provide an error message
for the other cases along with cleaner return from function.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
As pointed by Coverity, the function GetShortcutKey was allocating memory
for temporary operation, and did not free it in the end.
Because it participates in memory fragmentation and it is not really
efficient, this patch removes the allocation and uses a local storage on
the stack, and replaces wstrappend in favour of a fast string build.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
A type conversion applied to a function when used as a pointer is dangerous
because the compiler may not be able to make sure arguments will be
compatible across architectures, so it can crash the application.
This is replaced by a function prototype matching exactly what is expected
for the callback, and have the type conversion on the argument done inside
the function so the compiler have complete liberty to generate any code
needed to handle it safely.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
As pointed by Coverity, the function makes use of a pointer which may be
null, so we have to properly check that to ensure application will not
crash.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
The function is building strings from the directory names into an allocated
buffer, but the function took time first to calculate the exact size needed
for the resulting string, so the check on wstrlcat's result will never
fail.
As we still use wstrlcat it is not possible to overrun the buffer, we would
just return a truncated string in the list instead of return no list at all
but the case where it would happen is impossible.
This should fix Coverity #50111 (Resource leak) which was present in the
code of one of the related early return.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
The original choice may have looked mathematically correct, but it was
actually counter-intuitive and opposite to what every other application
do with sliders.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
When creating the temporary file that will become the final file if no
problem occurs, there is a chmod done which does not give write access to
the group and to the others, but this is the task of the user-set umask.
This patch makes the rights to everything (except execution, of course) and
still applies the umask, so in the end the file will have the rights that
user wants.
Took the opportunity to make a little change related to the umask: it seems
that some version of mkstemp have a security issue, which is in not a
problem in our use case, but Coverity reports it (#50201) so as it does not
cost anything, the patch also fixes it with an appropriate comment to
explain the situation.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
The original code used the libc "fopen" kind of operation, which are handy
when manipulating text files, but:
- bring an overhead for binary files that we don't need here;
- does not provide the mechanisms for safe error handling and special cases
As Coverity reported a Time-of-Check/Time-of-Use type of security issue,
took the opportunity to fix it and increased the size of the buffer used
for data to allow better use of modern disk performances.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
As pointed by Coverity, there were some null pointer checks that had been
misplaced, due to a pointer dereference present in a preceding check. This
had been fixed by adding another null check in the check, making a
duplicate check.
This patch moves the null pointer check in first place, and remove the
pointer check from the range check to separate the pointer check on one
side and the range check on the other side.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
Catch-up and some cosmetic changes of the Dutch .po files
Recently added msgid's were translated, plus a few really minor
changes. Kept some entries for last stable release.
It is more efficient to use the dedicated function than to call an external
binary program to do the job, and it reduce the risk of problem in case the
path would end up with potentially problematic characters.
It should also close Coverity bug #50225 ("Use of untrusted string value")
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
The International System of Units defines "ms" as the standard abbreviation
for milliseconds, so let's use it everywhere to be consistent.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
It is general practice to not consider the strings displayed in a dialog as
real sentences, so this patch removes the dots at the end (including in the
translation);
Took the opportunity to fix some translated string that were probably not
found anymore to due other changes;
Moved a few widgets to make everything look better centered;
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
The goal was to reduce the risk of truncated lines in the list of actions
(a few of them are a bit long - and need to be!), so it was an opportunity
to align the widgets with consistent spacing.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
It is general practice to not consider the strings displayed in a dialog as
real sentences, so this patch removes the dots at the end (including in the
translation);
Took the opportunity to make a light cleanup of the translations in the
concerned areas, and fix some translated string that were probably not
found anymore to due other changes;
Make small reorganisation of the widgets to reduce the risk of truncated
strings, with keeping the overall clean aspect of the panel;
Took the opportunity to clarify the label related to the colormap to avoid
misunderstanding, and include a balloon text to clarify its reason-to-be
because, as modern display tend to all be TrueColor, it may not be
intuitive to new user what it's for.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
The goal is to reduce the risk for truncated label, and take the
opportunity to align everything with consistent spacings.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Due to a long history of evolution, it was time to rethink the placement
of all widgets to achieve a clean look. The frames have been reshuffled to
be aligned to each other, and as a bonus the Mod+Wheel setting now has its
own frame instead of being part of another unrelated frame.
Took opportunity to include an info balloon to explain what the "by
keyboard" checkbox actually means.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As many option have been added to it, the panel started to look overloaded.
With a little rework, it now displays the same options in a cleaner way.
Took opportunity to include some balloon help for the AppIcon option to try
to be clearer than what the short label allows.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As many option have been added to it, the panel started to look overloaded.
Content have been slightly moved to make it look nicely organised inside
the window, and with possibly less truncated text.
Took opportunity to include a visual feedback to the user, when checking
the "Disable mouse actions" box then we disable the related popup menu
buttons to reflect this.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Having all these information spread in different places makes it error
prone when wanting to add/remove/change something in the list are there are
many unrelated places to keep in sync.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As the data to create the icons for the dock configuration was already
grouped in a structure, it is a good idea to also include the balloon text
which is linked to them in the array, so the code is simpler and safer.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As the code is already treating these frames as an array, it is a good idea
to do the same for their titles so it is possible to reuse its size at
convenient places to make the code safer.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
