[Xcb] [PATCH:xcb-util] Make sure wm_class name strings are null-terminated

Peter Harris pharris at opentext.com
Thu Jun 24 08:47:34 PDT 2010


With the flurry of patches applied in the past day, is this one still
interesting?

It appears that xcb_get_wm_class_from_reply is not safe to use without
it (or something like it).

Peter Harris

On 2010-06-15 15:58, Peter Harris wrote:
> On 2010-06-14 15:28, Alan Coopersmith wrote:
>>
>> After digging into this more, I'm not sure if any patch is needed here.
>> It depends on whether you want to expose bugs in other people's code, or
>> protect API callers from them.
>>
>> ICCCM says WM_CLASS contains two null-terminated strings.
> 
> How about something like:
> 
> (Completely untested. Not even compiled. For discussion only.)
> 
> diff --git a/icccm/icccm.c b/icccm/icccm.c
> index 1c66a74..9ada18d 100644
> --- a/icccm/icccm.c
> +++ b/icccm/icccm.c
> @@ -359,8 +359,17 @@ xcb_get_wm_class_from_reply
>    prop->_reply = reply;
>    prop->instance_name = (char *) xcb_get_property_value(prop->_reply);
> 
> +  int len = xcb_get_property_value_length(prop->_reply);
> +  /* Ensure there's a C end-of-string at the end of the property.
> +     Truncate the property if necessary (the spec says there's already
> +     a 0 in the last position, so this only hurts invalid props). */
> +  if(len < reply->length * 4)
> +    prop->instance_name[len] = 0;
> +  else
> +    prop->instance_name[len-1] = 0;
> +
>    int name_len = strlen(prop->instance_name);
> -  if(name_len == xcb_get_property_value_length(prop->_reply))
> +  if(name_len == len)
>      name_len--;
> 
>    prop->class_name = prop->instance_name + name_len + 1;
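Review bot: the else branch at `prop->instance_name[len-1] = 0;` writes one byte before the property value when `len` is 0 and `reply->length` is 0, so a zero-length WM_CLASS should be rejected before this block runs. The unchanged line `prop->class_name = prop->instance_name + name_len + 1` also needs a bound: when the value holds a single string that fills it and there is no padding, `name_len` is `len - 1` and class_name becomes `instance_name + len`, one past the end of the value. Clamping class_name to the terminator whenever `name_len + 1 >= len` would cover that case.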
> --
> 1.7.0.6
> 


-- 
               Open Text Connectivity Solutions Group
Peter Harris                    http://connectivity.opentext.com/
Research and Development        Phone: +1 905 762 6001
pharris at opentext.com            Toll Free: 1 877 359 4866
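Added example (not code from this thread or from xcb-util): a length-bounded split of a WM_CLASS value that never writes into the reply and never relies on a terminator being present. The names `wm_class_view` and `wm_class_split` are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result type (not xcb-util's): pointers into the caller's
   buffer plus explicit lengths, so no terminator is ever assumed. */
struct wm_class_view {
    const char *instance;   size_t instance_len;
    const char *class_name; size_t class_len;
};

/* Split a WM_CLASS value of `len` bytes without reading or writing
   outside [value, value + len). Returns 1 on success, 0 if empty. */
int wm_class_split(const char *value, size_t len, struct wm_class_view *out)
{
    const char *nul, *rest;
    size_t rest_len;

    if (value == NULL || out == NULL || len == 0)
        return 0;

    /* First string ends at the first NUL, or at the end of the value. */
    nul = memchr(value, 0, len);
    out->instance = value;
    out->instance_len = nul ? (size_t)(nul - value) : len;

    /* Second string starts after that NUL, if any bytes remain. */
    rest_len = nul ? len - out->instance_len - 1 : 0;
    rest = nul ? nul + 1 : value + len;
    nul = rest_len ? memchr(rest, 0, rest_len) : NULL;
    out->class_name = rest;
    out->class_len = nul ? (size_t)(nul - rest) : rest_len;
    return 1;
}

int main(void)
{
    /* Constructed sample: final NUL deliberately left out of the length. */
    static const char sample[] = "xterm\0XTerm";
    struct wm_class_view v;

    if (wm_class_split(sample, sizeof sample - 1, &v))
        printf("%.*s / %.*s\n", (int)v.instance_len, v.instance,
               (int)v.class_len, v.class_name);
    return 0;
}
```

Callers must use the returned lengths (for example with `%.*s`), because `class_name` may point one past the end of the value when its length is 0.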

