[PATCH 05/16] wmaker: change strcpy to the version with size check (Coverity #50217)

Sat, 29 Nov 2014 07:41:43 -0800 

From: Christophe CURIS <christophe.cu...@free.fr>

As pointed by Coverity, there were a number of copies done into fixed-size
buffer, it's safer to use the function that sets a limit on the size to
avoid a crash.

Signed-off-by: Christophe CURIS <christophe.cu...@free.fr>
---
 src/appmenu.c | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/src/appmenu.c b/src/appmenu.c
index 126d228..342cef3 100644
--- a/src/appmenu.c
+++ b/src/appmenu.c
@@ -90,15 +90,14 @@ static WMenu *parseMenuCommand(WScreen * scr, Window win, 
char **slist, int coun
        char title[300];
        char rtext[300];
 
-       if (strlen(slist[*index]) > sizeof(title) - 1) {
-               wwarning("appmenu: menu command size exceeded in window %lx", 
win);
-               return NULL;
-       }
        if (sscanf(slist[*index], "%i %i %n", &command, &code, &pos) < 2 || 
command != wmBeginMenu) {
                wwarning("appmenu: bad menu entry \"%s\" in window %lx", 
slist[*index], win);
                return NULL;
        }
-       strcpy(title, &slist[*index][pos]);
+       if (wstrlcpy(title, &slist[*index][pos], sizeof(title)) >= 
sizeof(title)) {
+               wwarning("appmenu: menu command size exceeded in window %lx", 
win);
+               return NULL;
+       }
        menu = wMenuCreateForApp(scr, title, *index == 1);
        if (!menu)
                return NULL;
@@ -128,7 +127,7 @@ static WMenu *parseMenuCommand(WScreen * scr, Window win, 
char **slist, int coun
                                                 slist[*index], win);
                                        return NULL;
                                }
-                               strcpy(title, &slist[*index][pos]);
+                               wstrlcpy(title, &slist[*index][pos], 
sizeof(title));
                                rtext[0] = 0;
                        } else {
                                if (sscanf(slist[*index], "%i %i %i %i %s %n",
@@ -138,7 +137,7 @@ static WMenu *parseMenuCommand(WScreen * scr, Window win, 
char **slist, int coun
                                                 slist[*index], win);
                                        return NULL;
                                }
-                               strcpy(title, &slist[*index][pos]);
+                               wstrlcpy(title, &slist[*index][pos], 
sizeof(title));
                        }
                        if (!(data = malloc(sizeof(WAppMenuData)))) {
                                wwarning("appmenu: out of memory making menu 
for window %lx", win);
@@ -174,7 +173,7 @@ static WMenu *parseMenuCommand(WScreen * scr, Window win, 
char **slist, int coun
 
                                return NULL;
                        }
-                       strcpy(title, &slist[*index][pos]);
+                       wstrlcpy(title, &slist[*index][pos], sizeof(title));
                        *index += 1;
 
                        submenu = parseMenuCommand(scr, win, slist, count, 
index);
-- 
2.1.1


-- 
To unsubscribe, send mail to wmaker-dev-unsubscr...@lists.windowmaker.org.

Reply via email to