Hello Developers,
while trying out the Ubuntu wmaker package version 0.92.0-7ubuntu10
(http://packages.ubuntu.com/lucid/wmaker) I found that WindowMaker would
crash with a buffer overflow in the SendHelperMessage function during
startup.
There seems to be a bug in one of the snprintf calls where the len
parameter is passed also as the buffer length, leading to the problem.
The attached patch fixes the issue and allows WindowMaker to start.
Best Regards
Gilbert Netzer
diff -Naur wmaker-0.92.0/src/misc.c wmaker-0.92.0.new/src/misc.c
--- wmaker-0.92.0/src/misc.c 2010-07-25 14:44:44.000000000 +0200
+++ wmaker-0.92.0.new/src/misc.c 2010-07-25 14:47:32.000000000 +0200
@@ -1140,7 +1140,7 @@
len = (msg ? strlen(msg) : 0) + (workspace >=0 ? 4 : 0) + 1 ;
buffer = wmalloc(len+5);
- snprintf(buf, len, "%4i", len);
+ snprintf(buf, 5, "%4i", len);
memcpy(buffer, buf, 4);
buffer[4] = type;
i = 5;
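Review bot: the size argument on the changed snprintf line is a hard-coded 5, while buf's declaration is outside this hunk, so nothing visible here ties the bound to the actual size of buf. If buf is an array, `snprintf(buf, sizeof(buf), "%4i", len);` keeps the two in sync; if it is a pointer, a named constant shared with the allocation would serve the same purpose. Separately, "%4i" sets a minimum width only: for len above 9999 the output is now truncated to the leading four digits, and the following memcpy of 4 bytes would put a wrong length prefix into the message without any error. A range check on len before formatting, or a check of snprintf's return value against 4, would make that case fail visibly.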