From: Christophe CURIS <christophe.cu...@free.fr> As pointed by Coverity, when reading the size of data using 'readmsg' that size cannot be fully trusted (possibly in case of bugs in present case), so this patch adds a check to ensure it is valid before continuing.
Signed-off-by: Christophe CURIS <christophe.cu...@free.fr> --- util/wmsetbg.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/util/wmsetbg.c b/util/wmsetbg.c index 6747950..c25d60b 100644 --- a/util/wmsetbg.c +++ b/util/wmsetbg.c @@ -918,6 +918,14 @@ static noreturn void helperLoop(RContext * rc) memcpy(buf, buffer, 4); buf[4] = 0; size = atoi(buf); + if (size < 0 || size > sizeof(buffer)) { + wfatal("received invalid size %d for message from WindowMaker", size); + quit(1); + } + if (size == 0) { + werror("received 0-sized message from WindowMaker, trying to continue"); + continue; + } /* get message */ if (readmsg(0, buffer, size) < 0) { -- 1.9.2 -- To unsubscribe, send mail to wmaker-dev-unsubscr...@lists.windowmaker.org.