From: Thomas Adam <tho...@fvwm.org> Dominik,
In taking a look at the new parser code, I decided to run it over fvwm-themes and it crashed mvwm: #0 0x00000b5d519aa865 in expand_vars (input=0x7f7fffff89b0 "+ I Mouse $0 $2 $3 $4 \"$5\" \"$6\" \"$7\" \"$8\" \"$9\"", pc=0x7f7fffff87c0, addto=1, ismod=0, cond_rc=0x7f7fffff88d8, exc=0xb6027da2e00) at expand.c:1267 This is easy to reproduce with the following snippet (I just typed it into MvwmConsole): DestroyFunc CrashMe AddtoFunc CrashMe + I Mouse $0 $2 $3 $4 \"$5\" \"$6\" \"$7\" \"$8\" \"$9\" CrashMe The reason for this is the argument list includes the command itself, and since we also have all nine positonal arguments, in checking pos->args[n] in expand_vars() we overflow the pos->args[] array. The valid argument size is 11. In changing CMDPARSER_NUM_POS_ARGS to reflect this, I've also noticed that functions.c also hard-codes 11 as the default, so I've replaced those occurances with CMDPARSER_NUM_POS_ARGS instead. Thomas Adam (1): Positional arguments: Fix off-by-one mvwm/cmdparser.h | 2 +- mvwm/functions.c | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) -- 2.1.0