Hi,
* Anselm R. Garbe <arg_AT_suckless.org> [2007-05-10 13:53]:
> On Wed, May 09, 2007 at 06:14:08PM +0000, David Tweed wrote:
[...]
> Hmm, but in main.c the stext buffer is zero-terminated
> explicitely a line later, however, this is not done in
> updatetitle().
>
> I pushed the following patch to updatetitle():
>
> diff -r c7b4661e8902 client.c
> --- a/client.c Wed May 09 11:31:14 2007 +0200
> +++ b/client.c Thu May 10 13:47:02 2007 +0200
> @@ -365,16 +365,18 @@ updatetitle(Client *c) {
> XGetWMName(dpy, c->win, &name);
> if(!name.nitems)
> return;
> - if(name.encoding == XA_STRING)
> - strncpy(c->name, (char *)name.value, sizeof c->name);
> + if(name.encoding == XA_STRING) {
> + strncpy(c->name, (char *)name.value, sizeof c->name - 1);
> + }
> else {
> if(XmbTextPropertyToTextList(dpy, &name, &list, &n) >= Success
> && n > 0 && *list)
> {
> - strncpy(c->name, *list, sizeof c->name);
> + strncpy(c->name, *list, sizeof c->name - 1);
> XFreeStringList(list);
> }
> }
> + c->name[sizeof c->name - 1] = '\0';
> XFree(name.value);
> }
The NULL-termination is done by this patch, however the patch
is somehow bad.
If the string is sizeof(c->name)-1 long strncpy will not
NULL-terminate the string so that
c->name[sizeof c->name - 1] = '\0'; will overwrite the
latest character of the string. So if you want to do it like
this it should be strncpy(c->name, (char *)name.value, sizeof c->name - 2);
if I don't miss anything.
Kind regards
Nico
-- Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
This archive was generated by hypermail 2.2.0 : Sun Jul 13 2008 - 14:41:16 UTC