As pointed by Coverity, the function makes use of a pointer which may be
null, so we have to properly check that to ensure application will not
crash.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
The function is building strings from the directory names into an allocated
buffer, but the function took time first to calculate the exact size needed
for the resulting string, so the check on wstrlcat's result will never
fail.
As we still use wstrlcat it is not possible to overrun the buffer, we would
just return a truncated string in the list instead of return no list at all
but the case where it would happen is impossible.
This should fix Coverity #50111 (Resource leak) which was present in the
code of one of the related early return.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
The original choice may have looked mathematically correct, but it was
actually counter-intuitive and opposite to what every other application
do with sliders.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
When creating the temporary file that will become the final file if no
problem occurs, there is a chmod done which does not give write access to
the group and to the others, but this is the task of the user-set umask.
This patch makes the rights to everything (except execution, of course) and
still applies the umask, so in the end the file will have the rights that
user wants.
Took the opportunity to make a little change related to the umask: it seems
that some version of mkstemp have a security issue, which is in not a
problem in our use case, but Coverity reports it (#50201) so as it does not
cost anything, the patch also fixes it with an appropriate comment to
explain the situation.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
The original code used the libc "fopen" kind of operation, which are handy
when manipulating text files, but:
- bring an overhead for binary files that we don't need here;
- does not provide the mechanisms for safe error handling and special cases
As Coverity reported a Time-of-Check/Time-of-Use type of security issue,
took the opportunity to fix it and increased the size of the buffer used
for data to allow better use of modern disk performances.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
As pointed by Coverity, there were some null pointer checks that had been
misplaced, due to a pointer dereference present in a preceding check. This
had been fixed by adding another null check in the check, making a
duplicate check.
This patch moves the null pointer check in first place, and remove the
pointer check from the range check to separate the pointer check on one
side and the range check on the other side.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
Catch-up and some cosmetic changes of the Dutch .po files
Recently added msgid's were translated, plus a few really minor
changes. Kept some entries for last stable release.
In particular, the values were only being converted when the RGB slider was used
to pick the color. If another tool was used, e.g., the magnifying glass, th e
value was assumed to be decimal, even if hexadecimal was selected.
Currently WINGs renders text using Xft directly which does not support
any advanced text layout that is needed for scripts like Arabic or Indic
scripts (or even things like automatic ligature support for Latin
script).
With Pango we also get text fallback for free, so no more square boxes
for characters not supported in the current font (unless no font on the
system supports the specified character, of course).
This patch introduces support for using Pango to render the text (though
its Xft backed), to avoid forcing the additional dependency to everyone
it is made off by default.
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
Recently added msgid's were translated, and some existing translations
improved. As development is done in git 'next', strings from wmaker-0.95.6
will be remained at the end of the files, so they are backward compatible.
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
This patch is adding miniwindow apercu when the mouse
is over the miniwindows.
To enable it you have to run WPref, in Miscellaneous Ergonomic
Preferences, check miniwindow apercus.
Then, you will be able to see a screenshot of the app when the mouse
is over the miniwindow.
As reported by cppcheck:
[WINGs/array.c:129] -> [WINGs/array.c:131]: (warning) Possible null pointer dereference: array - otherwise it is redundant to check it against null.
[WINGs/array.c:151] -> [WINGs/array.c:153]: (warning) Possible null pointer dereference: array - otherwise it is redundant to check it against null.
[WINGs/array.c:170] -> [WINGs/array.c:172]: (warning) Possible null pointer dereference: array - otherwise it is redundant to check it against null.
This patch is checking that the var name 'array' exists.
WRaster:
- new function 'RShutdown'
- removed flag 'optimize_for_speed' from RContext
- new functions '...(operate_xxx)', '...(flip_image)'
WUtil:
- new function 'wutil_shutdown'
- new macro 'wlengthof'
WINGs:
- new function 'WMReleaseApplication'
- new function 'WMCreateScaledBlendedPixmapFromFile'
(And maybe a few more I missed)
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
The function did spend its time re-copying data and searching the
end of the read buffer, which is not really efficient.
The new code reads directly from file to the end of previous data,
avoiding unneccesary duplication, and keeps track of the end of
data to avoid searching it for next read.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
This macro supposes that the called lib function clears the 'errno'
variable on success which is not the case. The macro was (luckily) not
used in these file yet, by removing it we make sure it won't happen.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
cppcheck is reporting the msg below:
[../WINGs/winputmethod.c:215] -> [../WINGs/winputmethod.c:209]:
(style) Found duplicate branches for 'if' and 'else'.
The patch is fixing it by setting a default return call.
The color well contains two views: view, consisting of the outer "button", and
colorView, consisting of the color itself. Previously, only clicking on view
would bring up the corresponding color panel, resulting in nonintuitive
behavior.
When the condition can be simply checked in an if, it is better to do that
than to use a flow breaking goto.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As reported by Coverity, the structure containing the callback functions
to handle the drag-and-drop actions could be freed but later re-used.
The correct behaviour is to keep the allocated memory for the structure.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As pointed by Coverity, the 'paintItem' function in the WMBrowser widget
is checking for nullity of its text argument, but before that it called the
strlen function which crashes on NULL pointer. This patch moves the strlen
call to the right place and reduce the lifespan of 'textLen' to highlight
incorrect tries to use the variable.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As pointed by Coverity, there is a NULL pointer check at the end of the
function 'deleteFile' (which happens to not be necessary because wfree was
made to accept NULL pointers), however there are many things done before
that assumes the pointer is not NULL. The check is moved to where it
matters.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As pointed by Coverity, the variable 'dir' is passed by reference because
the function may update it; as it is never NULL (the function is local)
checking for that does not make sense. From the actual usage, it seems
logical that the check should have been on the value, not on the pointer.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As pointed by Coverity, the code was checking for NULL pointer to avoid
misbehaviour, but it actually dereferenced the pointer beforehand so the
crash would still happen.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As pointed by Coverity, the data returned by WMGetTextSelectedStream are
actually a newly allocated buffer, so we need to release it when we're done
with it.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As pointed by Coverity, the array used to build the result for the
function 'getStreamObjects' could leak in case of early return.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As reported by Coverity, in the (rare) case where the wstrlcat would fail
the array for the result would not be freed before returning.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As reported by Coverity, the function 'WMGetTextFieldText' allocates memory
to generate the result string, so it has to be freed.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As pointed by Coverity, there is a small check for NULL pointer when
handling triple-click selection in a WMText, however this check is only
partially implemented so the code would crash later anyway.
This patch implement an appropriate skip to avoid crash, and includes a
log message to help debug if the case happens.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As pointed by Coverity, despite apparent checks the function would fail if
trying to set a NULL title. Instead of trying to do over-complicated things
we just ignore (with a warning if NDEBUG is not set) the case. If user
wants an empty title, the correct way is to provide "" as we're not able to
remove a title.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As pointed by coverity, the case 'index < 0' cannot be true because it was
already earlier and handled with an early return.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
The information about the File, Line and Function name that were included
in the assertion message are already present from the 'wwarning' macro, so
it is not necessary to include them in the macro's message.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
In many places of the code these functions are counting on the "return"
effect of these macros to gracefully handle incorrect arguments. So, when
debug is not enabled, if it is okay to not display a message it is however
not good to completely skip the check and skip the early return.
This patch changes the macro to always perform the check and return to
avoid crashes, displaying a message only when NDEBUG is not set.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As reported by coverity, calling 'wexpandpath' with a path that contains
either '$()', '$(\0' or '$\0' would cause an undefined behaviour because
the 'buffer2' would be uninitialised.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
