On Mon, 16 Jan 2012 at 8:31:33 +0100, Rodolfo kix Garcia wrote:
> >
> [snip]
> > + char buffer[128];
>
>
> I don't like this things, I prefer "char buffer[DOCK_NAME_LEN]" and set
> DOCK_NAME_LEN in dock.h Probably we should find if this length is used
> in other places in the code.
>
> > + char *name;
> > + int wks_no = entry_no - 2;
> > +
> > + name = wstrdup(scr->workspaces[wks_no]->name);
> > + snprintf(buffer, sizeof(buffer), _("Type the name for
> > workspace %i:"), wks_no + 1);
>
>
> probably this is wrong, Is too early and I wake up 5 seconds ago but
> probably if the buffer length is 128 we have a buffer overflow.
> Correct:
No, there's no possible buffer overflow there. The user can't modify
'buffer' because it holds the fixed string "Type the name for workspace X"
where X is a (small) number.
> > +
> > + if (wInputDialog(scr, _("Rename Workspace"), buffer,
> > &name))
> > + wWorkspaceRename(scr, wks_no, name);
'name' is the user input, but checking it properly should be done inside
wWorkspaceRename(), and it probably is (I haven't looked).
--
To unsubscribe, send mail to [email protected].
