Hi,
* Anselm R. Garbe <[EMAIL PROTECTED]> [2007-05-10 13:53]:
> On Wed, May 09, 2007 at 06:14:08PM +0000, David Tweed wrote:
[...]
> Hmm, but in main.c the stext buffer is zero-terminated
> explicitely a line later, however, this is not done in
> updatetitle().
>
> I pushed the following patch to updatetitle():
>
> diff -r c7b4661e8902 client.c
> --- a/client.c Wed May 09 11:31:14 2007 +0200
> +++ b/client.c Thu May 10 13:47:02 2007 +0200
> @@ -365,16 +365,18 @@ updatetitle(Client *c) {
> XGetWMName(dpy, c->win, &name);
> if(!name.nitems)
> return;
> - if(name.encoding == XA_STRING)
> - strncpy(c->name, (char *)name.value, sizeof c->name);
> + if(name.encoding == XA_STRING) {
> + strncpy(c->name, (char *)name.value, sizeof c->name - 1);
> + }
> else {
> if(XmbTextPropertyToTextList(dpy, &name, &list, &n) >= Success
> && n > 0 && *list)
> {
> - strncpy(c->name, *list, sizeof c->name);
> + strncpy(c->name, *list, sizeof c->name - 1);
> XFreeStringList(list);
> }
> }
> + c->name[sizeof c->name - 1] = '\0';
> XFree(name.value);
> }The NULL-termination is done by this patch, however the patch is somehow bad. If the string is sizeof(c->name)-1 long strncpy will not NULL-terminate the string so that c->name[sizeof c->name - 1] = '\0'; will overwrite the latest character of the string. So if you want to do it like this it should be strncpy(c->name, (char *)name.value, sizeof c->name - 2); if I don't miss anything. Kind regards Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpDVq9B0uORU.pgp
Description: PGP signature
