On Sun, Apr 19, 2009 at 10:20 PM, Carlos R. Mafra <[email protected]> wrote:
> On Sun 19.Apr'09 at 21:29:12 +0200, Samir SAADA wrote:
>> The first patch is an attempt to correct this bug. I did test for a
>> maximum of 1000 workspaces, feel free to try more :)
>
> Nice!
>
>> fixing workspace limit segfault
>
>> {
>> -       char buf[1024], *pos;
>> +       char buf[MAX_WORKSPACES*(MAX_WORKSPACENAME_WIDTH+1)], *pos;
>
> It is more or less obvious where the problem was from looking at your
> patch (wmaker keeps a huge string containing all workspace names
> together, right? :-), and when the sum of their name lengths was
> bigger than 1024 then a buffer overflow occurred.
>

Yep, I learned a lot about wmaker with a cool session of debugging this.
> It would be nicer if your commit message contained an explanation
> though.

You're right.

> Furthermore, why the limit of workspaces was around 80?
>
> A name of the form 'Workspace XX' (the default) contains 12 bytes,
> and 12 x 80 = 960, or something like that...
>

Well, I don't know why 80, maybe a hardware thing or C processing. The first 9
workspaces are smaller than the rest, they contain fewer digits. The default
workspace naming should give a calculus like this:

(11*9) + (71*12) + 80

I am still wondering which optimization flag in -O1 of gcc is revealing this.
Yes, -O0 works fine for a limit of 100 on my machine!

Samir
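The thread above reasons about how the packed workspace-name buffer overflows: the names are stored back to back, each with its terminator, so the required size is the sum of (strlen(name) + 1) over all workspaces, and with the default "Workspace N" names that sum passes 1024 somewhere around 80 workspaces. The following is an added example, not wmaker's code and not the patch author's; it uses placeholder values for MAX_WORKSPACES and MAX_WORKSPACENAME_WIDTH (the real constants are not shown on the page) and a hypothetical pack_names() helper that refuses to write when the names do not fit, which is the check a fixed-size buffer needs regardless of how large it is made.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed limits: the names mirror the constants the patch uses, but the
 * values are placeholders, not wmaker's real ones. */
#define MAX_WORKSPACES 1000
#define MAX_WORKSPACENAME_WIDTH 64

/* Worst-case packed size: every name at full width plus its NUL. */
#define PACKED_BUF_SIZE (MAX_WORKSPACES * (MAX_WORKSPACENAME_WIDTH + 1))

/* Total bytes needed to store `count` names back to back, each followed
 * by a NUL terminator. Returns 0 if any name exceeds the width limit. */
size_t packed_names_len(const char *const *names, size_t count)
{
    size_t total = 0;
    for (size_t i = 0; i < count; i++) {
        size_t n = strlen(names[i]);
        if (n > MAX_WORKSPACENAME_WIDTH)
            return 0;
        total += n + 1;
    }
    return total;
}

/* Copy the names into dst (capacity dst_size) as consecutive NUL-terminated
 * strings. Returns the number of bytes written; returns 0 and leaves dst
 * untouched when the names would not fit, instead of running past the end. */
size_t pack_names(char *dst, size_t dst_size, const char *const *names, size_t count)
{
    size_t need = packed_names_len(names, count);
    if (need == 0 || need > dst_size)
        return 0;
    char *pos = dst;
    for (size_t i = 0; i < count; i++) {
        size_t n = strlen(names[i]);
        memcpy(pos, names[i], n + 1); /* n bytes of name plus the terminator */
        pos += n + 1;
    }
    return (size_t)(pos - dst);
}

/* Bytes the default names "Workspace 1" .. "Workspace n" occupy when packed,
 * counting one terminator per name (the sum discussed in the thread). */
size_t default_names_len(unsigned n)
{
    size_t total = 0;
    for (unsigned i = 1; i <= n; i++) {
        char name[32];
        int len = snprintf(name, sizeof name, "Workspace %u", i);
        total += (size_t)len + 1;
    }
    return total;
}

int main(void)
{
    /* Constructed sample input: three short workspace names. */
    const char *names[] = { "Main", "Workspace 2", "Mail" };
    char small[8];              /* too small: pack_names must refuse */
    char big[PACKED_BUF_SIZE];  /* sized like the patched buffer */

    printf("need %zu bytes; small buffer -> %zu, big buffer -> %zu\n",
           packed_names_len(names, 3),
           pack_names(small, sizeof small, names, 3),
           pack_names(big, sizeof big, names, 3));
    printf("default names: 79 workspaces -> %zu bytes, 80 -> %zu bytes\n",
           default_names_len(79), default_names_len(80));
    return 0;
}
```

Running it shows that the default names need 1018 bytes for 79 workspaces and 1031 for 80, so a 1024-byte buffer is exceeded at exactly the point the thread observed once each name's terminator is counted. The size check in pack_names() is what turns the overflow into a refused operation; enlarging the array only moves the limit.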
# HG changeset patch # User Samir SAADA <[email protected]> # Date 1240164004 -7200 # Node ID 35e0150adeae838a5b691c0168787c6e0fab2f68 # Parent 5a2507602c48324fba0f07754a442a8cc6ab967c Fixing workspace limit segfault. I fixed the size of 'buf' that will contain the names of all workspaces to be refreshed. Troubles come from the value of 'len', it can be greater than 1024. this patch sets the correct maximum size for 'buf'. diff --git a/src/wmspec.c b/src/wmspec.c --- a/src/wmspec.c +++ b/src/wmspec.c @@ -826,7 +826,7 @@ static void updateWorkspaceNames(WScreen *scr) { - char buf[1024], *pos; + char buf[MAX_WORKSPACES*(MAX_WORKSPACENAME_WIDTH+1)], *pos; unsigned int i, len, curr_size; pos = buf;
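Review bot: the hunk enlarges `buf` to `MAX_WORKSPACES*(MAX_WORKSPACENAME_WIDTH+1)` but adds no bounds check, so the loop that advances `pos` from `pos = buf;` still trusts that every name is at most `MAX_WORKSPACENAME_WIDTH` bytes; if a name can exceed that width the overflow remains, just at a larger size. Suggest either checking `len` against `sizeof(buf)` before each copy and bailing out, or computing the total and allocating exactly that much with `wmalloc`-style heap allocation, since a stack array of that worst-case size is large and mostly unused. The commit message should also state the root cause (the sum of name lengths plus terminators exceeding 1024) rather than only that `len` can be greater than 1024.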
