Hi Nico,

On Thu, May 10, 2007 at 03:18:43PM +0200, Nico Golde wrote:
> * Anselm R. Garbe <[EMAIL PROTECTED]> [2007-05-10 13:53]:
> > On Wed, May 09, 2007 at 06:14:08PM +0000, David Tweed wrote:
> [...] 
> > Hmm, but in main.c the stext buffer is zero-terminated
> > explicitely a line later, however, this is not done in
> > updatetitle().
> > 
> > I pushed the following patch to updatetitle():
> > 
> > diff -r c7b4661e8902 client.c
> > --- a/client.c      Wed May 09 11:31:14 2007 +0200
> > +++ b/client.c      Thu May 10 13:47:02 2007 +0200
> > @@ -365,16 +365,18 @@ updatetitle(Client *c) {
> >             XGetWMName(dpy, c->win, &name);
> >     if(!name.nitems)
> >             return;
> > -   if(name.encoding == XA_STRING)
> > -           strncpy(c->name, (char *)name.value, sizeof c->name);
> > +   if(name.encoding == XA_STRING) {
> > +           strncpy(c->name, (char *)name.value, sizeof c->name - 1);
> > +   }
> >     else {
> >             if(XmbTextPropertyToTextList(dpy, &name, &list, &n) >= Success
> >             && n > 0 && *list)
> >             {
> > -                   strncpy(c->name, *list, sizeof c->name);
> > +                   strncpy(c->name, *list, sizeof c->name - 1);
> >                     XFreeStringList(list);
> >             }
> >     }
> > +   c->name[sizeof c->name - 1] = '\0';
> >     XFree(name.value);
> >  }
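Review bot: the unconditional `c->name[sizeof c->name - 1] = '\0';` added after the if/else is the line that actually fixes the problem, because strncpy writes no terminator at all when the source is at least as long as its length argument. Given that store, shortening both copies from `sizeof c->name` to `sizeof c->name - 1` is redundant (the last byte is overwritten by the terminator either way) but harmless, and it also means the concern about clobbering a real character cannot arise: with a length of `sizeof c->name - 1`, strncpy never places source data in the last index, so the store only ever replaces a pad byte or a byte strncpy left untouched. One style nit: the braces added around the single-statement `if(name.encoding == XA_STRING)` body are not needed, and the line they replace did without them.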
> 
> The NULL-termination is done by this patch, however the patch 
> is somehow bad.
> If the string is sizeof(c->name)-1 long, strncpy will not 
> NULL-terminate the string, so that
> c->name[sizeof c->name - 1] = '\0'; will overwrite the 
> last character of the string. So if you want to do it like 

No. Assume sizeof c->name == 256, hence it has been defined as
char name[256], so the last addressable index is 255, because
the first character is c->name[0], so c->name[sizeof c->name -
1] would be identical to c->name[255] if name was defined with
that size.

So all in all, the character at c->name[255] should never be
used as a printable character, it should always be used as the
NULL-terminator, otherwise something bad will happen if the
string exceeds 255 characters at all.

Regards,
-- 
 Anselm R. Garbe >< http://www.suckless.org/ >< GPG key: 0D73F361
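The buffer arithmetic argued over in this thread, as an added example that is not dwm's code: a stand-in Client with a 256-byte name (the size assumed in the reply; dwm's real size is not stated here), the pre-patch strncpy call with a length of sizeof c->name, and the patched call with sizeof c->name - 1 plus the explicit terminator. The helpers old_terminates(), patched_terminates(), patched_len() and patched_last() are constructed for this example and feed it synthetic window names of a chosen length, so the three cases that matter can be checked directly: a name longer than the buffer, a name of exactly 255 characters (the case the objection was about), and a short name.

```c
#include <stdio.h>
#include <string.h>

/* Assumed buffer size: the thread's example uses 256; dwm's actual
 * Client.name size is not given on this page. */
#define NAME_LEN 256

/* Stand-in for dwm's Client: the name buffer plus a canary after it so a
 * missing terminator is not hidden by whatever happens to follow. */
struct client {
	char name[NAME_LEN];
	char canary[8];
};

/* Constructed input, not X data: n-1 'a' bytes, then 'Z', then NUL.
 * dst must hold n+1 bytes. */
static void make_name(char *dst, size_t n)
{
	memset(dst, 'a', n);
	if (n > 0)
		dst[n - 1] = 'Z';
	dst[n] = '\0';
}

/* 1 if there is a NUL somewhere inside c->name, 0 if there is none. */
static int is_terminated(const struct client *c)
{
	return memchr(c->name, '\0', sizeof c->name) != NULL;
}

/* Pre-patch copy: strncpy with n == sizeof c->name.  For a source of
 * NAME_LEN bytes or more, strncpy writes no terminator at all. */
static int copy_old(struct client *c, const char *src)
{
	memset(c->canary, 'X', sizeof c->canary);
	strncpy(c->name, src, sizeof c->name);
	return is_terminated(c);
}

/* Patched copy: at most NAME_LEN-1 bytes, last slot always the terminator.
 * strncpy zero-pads up to its length argument, so the explicit store only
 * ever touches a byte that never received source data. */
static int copy_patched(struct client *c, const char *src)
{
	memset(c->canary, 'X', sizeof c->canary);
	strncpy(c->name, src, sizeof c->name - 1);
	c->name[sizeof c->name - 1] = '\0';
	return is_terminated(c);
}

/* Scenario helpers: build a name of srclen bytes and run one copy on it.
 * srclen is clamped to what the scratch buffer can hold. */
static char scratch[2 * NAME_LEN];

static size_t clamp(size_t n)
{
	return n < sizeof scratch ? n : sizeof scratch - 1;
}

static int old_terminates(size_t srclen)
{
	struct client c;
	make_name(scratch, clamp(srclen));
	return copy_old(&c, scratch);
}

static int patched_terminates(size_t srclen)
{
	struct client c;
	make_name(scratch, clamp(srclen));
	return copy_patched(&c, scratch);
}

/* Length of the stored name after the patched copy; strlen is safe here
 * because copy_patched always terminates. */
static size_t patched_len(size_t srclen)
{
	struct client c;
	make_name(scratch, clamp(srclen));
	copy_patched(&c, scratch);
	return strlen(c.name);
}

/* Last visible character after the patched copy, '\0' for an empty name. */
static char patched_last(size_t srclen)
{
	struct client c;
	size_t n;
	make_name(scratch, clamp(srclen));
	copy_patched(&c, scratch);
	n = strlen(c.name);
	return n ? c.name[n - 1] : '\0';
}

int main(void)
{
	printf("old, 300-byte name:     terminated=%d\n", old_terminates(300));
	printf("patched, 300-byte name: terminated=%d len=%zu\n",
	       patched_terminates(300), patched_len(300));
	printf("patched, 255-byte name: len=%zu last=%c\n",
	       patched_len(255), patched_last(255));
	return 0;
}
```

The 255-byte case is the one the objection was about: the source fills indices 0..254, strncpy with length 255 copies exactly those and pads nothing, and the store at index 255 lands on a byte that holds no character, so the final 'Z' survives. Only when the source is 256 bytes or longer does anything get dropped, and then it is the overflow, not a character inside the buffer.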
