On Sun, 10 Nov 2013 at 17:41:09 +0100, Christophe wrote: > From: Christophe CURIS <christophe.cu...@free.fr> > > It is not only not very efficient, but in present case it also participates > in memory fragmentation. > > This patch replaces this with a stack allocated buffer with a buffer which > is way too large.
"Too large" might not be enough to someone explicitly wanting to create a buffer overflow attack by using a self-compiled app with a large class name, no? I'm not too paranoid about this, but it looks like this patch makes the code vulnerable for little benefit... > Signed-off-by: Christophe CURIS <christophe.cu...@free.fr> > --- > src/winspector.c | 16 +++++----------- > 1 file changed, 5 insertions(+), 11 deletions(-) > > diff --git a/src/winspector.c b/src/winspector.c > index 8cb49df..1e185f5 100644 > --- a/src/winspector.c > +++ b/src/winspector.c > @@ -993,26 +993,20 @@ static void textEditedObserver(void *observerData, > WMNotification *notification) > static void selectSpecification(WMWidget *bPtr, void *data) > { > InspectorPanel *panel = (InspectorPanel *) data; > - char *str; > + char str[256]; > WWindow *wwin = panel->inspected; > - int len; > > if (bPtr == panel->defaultRb && (wwin->wm_instance || wwin->wm_class)) > WMSetButtonEnabled(panel->applyBtn, False); > else > WMSetButtonEnabled(panel->applyBtn, True); > > - len = 16 + strlen(wwin->wm_instance ? wwin->wm_instance : "?") > - + strlen(wwin->wm_class ? wwin->wm_class : "?"); > - > - str = wmalloc(len); > - > - snprintf(str, len, _("Inspecting %s.%s"), > - wwin->wm_instance ? wwin->wm_instance : "?", wwin->wm_class ? > wwin->wm_class : "?"); > + snprintf(str, sizeof(str), > + _("Inspecting %s.%s"), > + wwin->wm_instance ? wwin->wm_instance : "?", > + wwin->wm_class ? wwin->wm_class : "?"); > > wFrameWindowChangeTitle(panel->frame->frame, str); > - > - wfree(str); > } > > static void selectWindow(WMWidget *bPtr, void *data) > -- > 1.8.4.rc3 > > > -- > To unsubscribe, send mail to wmaker-dev-unsubscr...@lists.windowmaker.org. -- To unsubscribe, send mail to wmaker-dev-unsubscr...@lists.windowmaker.org.