[PATCH 1/1] Positional arguments: Fix off-by-one

2014-09-22 Thread thomas 
From: Thomas Adam tho...@fvwm.org

The number of conditional commands accepted as expansions in a function is
11, not 10. Fix the declaration for this, as well as using the definition
for the number of arguments in a few other places where previously it was
hard-coded.

---
 mvwm/cmdparser.h | 2 +-
 mvwm/functions.c | 8 
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/mvwm/cmdparser.h b/mvwm/cmdparser.h
index da4297f..c867c31 100644
--- a/mvwm/cmdparser.h
+++ b/mvwm/cmdparser.h
@@ -7,7 +7,7 @@
 
 /*  global definitions - */
 
-#define CMDPARSER_NUM_POS_ARGS 10
+#define CMDPARSER_NUM_POS_ARGS 11
 
 /*  global macros -- */
 
diff --git a/mvwm/functions.c b/mvwm/functions.c
index b03cd73..5f355a8 100644
--- a/mvwm/functions.c
+++ b/mvwm/functions.c
@@ -734,7 +734,7 @@ static void __cf_cleanup(
{
scr_flags.is_executing_complex_function = 0;
}
-   for (i = 0; i  11; i++)
+   for (i = 0; i  CMDPARSER_NUM_POS_ARGS; i++)
{
if (arguments[i] != NULL)
{
@@ -764,7 +764,7 @@ static void execute_complex_function(
Bool ImmediateNeedsTarget = False;
int do_allow_unmanaged = FUNC_ALLOW_UNMANAGED;
int do_allow_unmanaged_immediate = FUNC_ALLOW_UNMANAGED;
-   char *arguments[11], *taction;
+   char *arguments[CMDPARSER_NUM_POS_ARGS], *taction;
int x, y ,i;
XEvent d;
static int depth = 0;
@@ -810,14 +810,14 @@ static void execute_complex_function(
}
}
/* Get the argument list */
-   for (i = 1; i  11; i++)
+   for (i = 1; i  CMDPARSER_NUM_POS_ARGS; i++)
{
taction = GetNextToken(taction, arguments[i]);
}
}
else
{
-   for (i = 0; i  11; i++)
+   for (i = 0; i  CMDPARSER_NUM_POS_ARGS; i++)
{
arguments[i] = NULL;
}
-- 
2.1.0

[PATCH 0/1] dv/new-parser: Fix positional argument parsing

2014-09-22 Thread thomas 
From: Thomas Adam tho...@fvwm.org

Dominik,

In taking a look at the new parser code, I decided to run it over
fvwm-themes and it crashed mvwm:

#0  0x0b5d519aa865 in expand_vars (input=0x7f7f89b0 + I Mouse $0 $2
$3 $4 \$5\ \$6\ \$7\ \$8\ \$9\, pc=0x7f7f87c0, addto=1,
ismod=0,
cond_rc=0x7f7f88d8, exc=0xb6027da2e00) at expand.c:1267

This is easy to reproduce with the following snippet (I just typed it into
MvwmConsole):

DestroyFunc CrashMe
AddtoFunc   CrashMe
+ I Mouse $0 $2 $3 $4 \$5\ \$6\ \$7\ \$8\ \$9\

CrashMe

The reason for this is the argument list includes the command itself, and
since we also have all nine positonal arguments, in checking pos-args[n] in
expand_vars() we overflow the pos-args[] array.

The valid argument size is 11.  In changing CMDPARSER_NUM_POS_ARGS to
reflect this, I've also noticed that functions.c also hard-codes 11 as the
default, so I've replaced those occurances with CMDPARSER_NUM_POS_ARGS
instead.

Thomas Adam (1):
  Positional arguments: Fix off-by-one

 mvwm/cmdparser.h | 2 +-
 mvwm/functions.c | 8 
 2 files changed, 5 insertions(+), 5 deletions(-)

-- 
2.1.0