aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Grayson <pete@jpgrayson.net>2019-03-11 22:28:35 -0400
committerBrian Ashworth <bosrsf04@gmail.com>2019-03-11 23:00:39 -0400
commit79369681ab3d6785aabf39bd8080cd4f30507524 (patch)
tree3e9c4e05a8d81cda621b00fff8573469a1830702
parent055d662baa3975d71552992772e97d6b489f0771 (diff)
downloadsway-79369681ab3d6785aabf39bd8080cd4f30507524.zip
sway-79369681ab3d6785aabf39bd8080cd4f30507524.tar.gz
sway-79369681ab3d6785aabf39bd8080cd4f30507524.tar.bz2
Repair swaynag crash reading message from stdin
When swaynag is run with the -l/--detailed-message option, a crash may occur if the detailed message read from stdin is large enough. E.g.: swaynag -m hello -l < ~/.config/sway/config The root cause is that the read_from_stdin() function under-allocates memory for the destination buffer which causes that buffer to be overflowed when copying line data to it with snprintf(). The repair is to allocate one more byte for the terminating null byte. N.B. although getline() returns the number of bytes read excluding a terminating null byte, the line buffer is terminated with a null byte. Thus we have a guarantee that the line buffer will be null terminated (which is important when copying with snprintf()).
-rw-r--r--swaynag/config.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/swaynag/config.c b/swaynag/config.c
index 200611f..fb2aa82 100644
--- a/swaynag/config.c
+++ b/swaynag/config.c
@@ -18,7 +18,7 @@ static char *read_from_stdin(void) {
size_t line_size = 0;
ssize_t nread;
while ((nread = getline(&line, &line_size, stdin)) != -1) {
- buffer = realloc(buffer, buffer_len + nread);
+ buffer = realloc(buffer, buffer_len + nread + 1);
snprintf(&buffer[buffer_len], nread + 1, "%s", line);
buffer_len += nread;
}