aboutsummaryrefslogtreecommitdiff
path: root/xorg-server/hw/xwin/winmultiwindowclass.c
diff options
context:
space:
mode:
Diffstat (limited to 'xorg-server/hw/xwin/winmultiwindowclass.c')
-rw-r--r--[-rwxr-xr-x]xorg-server/hw/xwin/winmultiwindowclass.c30
1 files changed, 15 insertions, 15 deletions
diff --git a/xorg-server/hw/xwin/winmultiwindowclass.c b/xorg-server/hw/xwin/winmultiwindowclass.c
index 1e544ec5f..ec283610e 100755..100644
--- a/xorg-server/hw/xwin/winmultiwindowclass.c
+++ b/xorg-server/hw/xwin/winmultiwindowclass.c
@@ -68,7 +68,12 @@ winMultiWindowGetClassHint(WindowPtr pWin, char **res_name, char **res_class)
while (prop) {
if (prop->propertyName == XA_WM_CLASS
&& prop->type == XA_STRING && prop->format == 8 && prop->data) {
- len_name = strnlen((char *) prop->data, prop->size);
+ /*
+ WM_CLASS property should consist of 2 null terminated strings, but we
+ must handle the cases when one or both is absent or not null terminated
+ */
+ len_name = strlen((char *) prop->data);
+ if (len_name > prop->size) len_name = prop->size;
(*res_name) = malloc(len_name + 1);
@@ -77,19 +82,13 @@ winMultiWindowGetClassHint(WindowPtr pWin, char **res_name, char **res_class)
return 0;
}
- /* Add one to len_name to allow copying of trailing 0 */
- memcpy((*res_name), prop->data, len_name );
- (*res_name)[len_name]='\0';
+ /* Copy name and ensure null terminated */
+ strncpy((*res_name), prop->data, len_name);
+ (*res_name)[len_name] = '\0';
- if (len_name < prop->size-1)
- {
- // It could be that the string is not null terminated
- len_class = strnlen(((char *) prop->data) + 1 + len_name, prop->size-1-len_name);
- }
- else
- {
- len_class = 0;
- }
+ /* Compute length of class name, it could be that it is absent or not null terminated */
+ len_class = (len_name >= prop->size) ? 0 : (strlen(((char *) prop->data) + 1 + len_name));
+ if (len_class > prop->size - 1 - len_name) len_class = prop->size - 1 - len_name;
(*res_class) = malloc(len_class + 1);
@@ -101,8 +100,9 @@ winMultiWindowGetClassHint(WindowPtr pWin, char **res_name, char **res_class)
return 0;
}
- memcpy((*res_class), ((char *) prop->data) + 1 + len_name, len_class);
- (*res_class)[len_class]='\0';
+ /* Copy class name and ensure null terminated */
+ strncpy((*res_class), ((char *) prop->data) + 1 + len_name, len_class);
+ (*res_class)[len_class] = '\0';
return 1;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-17 02:32:24 +0000