mirrors
/
weston
mirror of https://gitlab.freedesktop.org/wayland/weston.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

compositor-x11: fix title overflow in x11_backend_create_output 

sprintf can overflow the fixed length title which is char[32]. This
patch change title to dynamically allocated char array using asprintf or
strdup. If one of them fail we leave returning NULL to indicate the
failure.

Signed-off-by: Benoit Gschwind <gschwind@gnu-log.net>
Reviewed-by: Yong Bakos <ybakos@humanoriented.com>
Tested-by: Yong Bakos <ybakos@humanoriented.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
Signed-off-by: Daniel Stone <daniels@collabora.com>
This commit is contained in:
Benoit Gschwind 2016-06-05 19:01:11 +02:00 committed by Daniel Stone
parent 0f1cac54af
commit 5c2f20edb0
1 changed files with 19 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
libweston/compositor-x11.c
View File

@ -782,7 +782,7 @@ x11_backend_create_output(struct x11_backend *b, int x, int y,
{
static const char name[] = "Weston Compositor";
static const char class[] = "weston-1\0Weston Compositor";
char title[32];
char *title = NULL;
struct x11_output *output;
xcb_screen_t *screen;
struct wm_normal_hints normal_hints;
@ -800,11 +800,6 @@ x11_backend_create_output(struct x11_backend *b, int x, int y,
output_width = width * scale;
output_height = height * scale;
if (configured_name)
sprintf(title, "%s - %s", name, configured_name);
else
strcpy(title, name);
if (!no_input)
values[0] |=
XCB_EVENT_MASK_KEY_PRESS |
@ -871,9 +866,24 @@ x11_backend_create_output(struct x11_backend *b, int x, int y,
}
/* Set window name. Don't bother with non-EWMH WMs. */
xcb_change_property(b->conn, XCB_PROP_MODE_REPLACE, output->window,
b->atom.net_wm_name, b->atom.utf8_string, 8,
strlen(title), title);
if (configured_name) {
if (asprintf(&title, "%s - %s", name, configured_name) < 0)
title = NULL;
} else {
title = strdup(name);
}
if (title) {
xcb_change_property(b->conn, XCB_PROP_MODE_REPLACE, output->window,
b->atom.net_wm_name, b->atom.utf8_string, 8,
strlen(title), title);
free(title);
} else {
xcb_destroy_window(b->conn, output->window);
free(output);
return NULL;
}
xcb_change_property(b->conn, XCB_PROP_MODE_REPLACE, output->window,
b->atom.wm_class, b->atom.string, 8,
sizeof class, class);