[Xcb] [PATCH:xcb-util] Make sure wm_class name strings are null-terminated
Alan Coopersmith
alan.coopersmith at oracle.com
Thu Jun 24 10:21:38 PDT 2010
I'm still interested in figuring out some solution, and I think yours seems
like a reasonable proposal to maintain the API and offer a bit of safety for
incorrectly terminated properties. I've not had a chance to test it yet
though.
-Alan Coopersmith- alan.coopersmith at oracle.com
Oracle Solaris Platform Engineering: X Window System
Peter Harris wrote:
> With the flurry of patches applied in the past day, is this one still
> interesting?
>
> It appears that xcb_get_wm_class_from_reply is not safe to use without
> it (or something like it).
>
> Peter Harris
>
> On 2010-06-15 15:58, Peter Harris wrote:
>> On 2010-06-14 15:28, Alan Coopersmith wrote:
>>> After digging into this more, I'm not sure if any patch is needed here.
>>> It depends on whether you want to expose bugs in other people's code, or
>>> protect API callers from them.
>>>
>>> ICCCM says WM_CLASS contains two null-terminated strings.
>> How about something like:
>>
>> (Completely untested. Not even compiled. For discussion only.)
>>
>> diff --git a/icccm/icccm.c b/icccm/icccm.c
>> index 1c66a74..9ada18d 100644
>> --- a/icccm/icccm.c
>> +++ b/icccm/icccm.c
>> @@ -359,8 +359,17 @@ xcb_get_wm_class_from_reply
>> prop->_reply = reply;
>> prop->instance_name = (char *) xcb_get_property_value(prop->_reply);
>>
>> + int len = xcb_get_property_value_length(prop->_reply);
>> + /* Ensure there's a C end-of-string at the end of the property.
>> + Truncate the property if necessary (the spec says there's already
>> + a 0 in the last position, so this only hurts invalid props). */
>> + if(len < reply->length * 4)
>> + prop->instance_name[len] = 0;
>> + else
>> + prop->instance_name[len-1] = 0;
>> +
>> int name_len = strlen(prop->instance_name);
>> - if(name_len == xcb_get_property_value_length(prop->_reply))
>> + if(name_len == len)
>> name_len--;
>>
>> prop->class_name = prop->instance_name + name_len + 1;
>> --
>> 1.7.0.6
>>
>
>
More information about the Xcb
mailing list