From 50c08ef7dfa95d744025254c830a01bab98d5a1d Mon Sep 17 00:00:00 2001
From: Mark Edgar <medgar123@gmail.com>
Date: Sat, 5 Oct 2013 11:45:44 +0200
Subject: [PATCH 2/3] Avoid buffer overrun in kpress() and remove limit on
 shortcut strings.

---
 st.c | 35 ++++++++++++++++++-----------------
 1 file changed, 18 insertions(+), 17 deletions(-)

diff --git a/st.c b/st.c
index 150356b..39be94c 100644
--- a/st.c
+++ b/st.c
@@ -251,7 +251,7 @@ typedef struct {
 typedef struct {
 	KeySym k;
 	uint mask;
-	char s[ESC_BUF_SIZ];
+	char *s;
 	/* three valued logic variables: 0 indifferent, 1 on, -1 off */
 	signed char appkey;    /* application keypad */
 	signed char appcursor; /* application cursor */
@@ -3557,26 +3557,27 @@ kpress(XEvent *ev) {
 	/* 2. custom keys from config.h */
 	if((customkey = kmap(ksym, e->state))) {
 		len = strlen(customkey);
-		memcpy(buf, customkey, len);
-	/* 3. composed string from input method */
-	} else {
-		if(len == 0)
-			return;
+		ttywrite(customkey, len);
+		if(IS_SET(MODE_ECHO))
+			techo(customkey, len);
+		return;
+	}
 
-		if(len == 1 && e->state & Mod1Mask) {
-			if(IS_SET(MODE_8BIT)) {
-				if(*buf < 0177) {
-					c = *buf | 0x80;
-					len = utf8encode(&c, buf);
-				}
-			} else {
-				buf[1] = buf[0];
-				buf[0] = '\033';
-				len = 2;
+	/* 3. composed string from input method */
+	if(len == 0)
+		return;
+	if(len == 1 && e->state & Mod1Mask) {
+		if(IS_SET(MODE_8BIT)) {
+			if(*buf < 0177) {
+				c = *buf | 0x80;
+				len = utf8encode(&c, buf);
 			}
+		} else {
+			buf[1] = buf[0];
+			buf[0] = '\033';
+			len = 2;
 		}
 	}
-
 	ttywrite(buf, len);
 	if(IS_SET(MODE_ECHO))
 		techo(buf, len);
-- 
1.8.4