authorLibravatar Dan Robertson <danlrobertson89@gmail.com>2018-02-11 03:55:45 +0000
committerLibravatar Dan Robertson <dan.robertson@anidata.org>2018-02-11 04:57:54 +0000
commitaa15629f17d65d45c02c30b6392e74d752b520b3 (patch)
tree3ae8f4c736c978ec5b9e29cfbcab0de8db058198
parentMerge pull request #1584 from 4e554c4c/no_more_hups (diff)
Fix memory errors
- read_line: OOB write when a line in /proc/modules contains a terminating character at size position.
- handle_view_created: Ensure that the list_t returned by criteria_for is free'd after use
- ipc_event_binding_keyboard/ipc_event_binding: Properly handle json_object reference counting and ownership.
-rw-r--r--common/readline.c2
-rw-r--r--sway/handlers.c2
-rw-r--r--sway/ipc-server.c8
3 files changed, 9 insertions, 3 deletions
diff --git a/common/readline.c b/common/readline.c
index cc40a2cc..d35ba73e 100644
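--- a/common/readline.c
+++ b/common/readline.c
@@ -36,7 +36,7 @@ char *read_line(FILE *file) {
 }
 string[length++] = c;
 }
-if (length + 1 == size) {
+if (length + 1 >= size) {
 char *new_string = realloc(string, length + 1);
 if (!new_string) {
 free(string);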
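Review bot: The widened guard `if (length + 1 >= size)` has no comment saying which case it exists for, and the condition now covers two different situations. When `length + 1 == size` the buffer already has room for the terminator, so only `length == size` (a completely full buffer, the case the commit message describes) actually needs the `realloc(string, length + 1)`. A comment above the check such as `// buffer may be exactly full (length == size): grow by one so the terminating NUL stays in bounds` would keep the invariant visible to the next person who touches it. The terminator write and the growth loop of read_line are outside this hunk, so this reading is inferred from the visible lines and the commit message.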
diff --git a/sway/handlers.c b/sway/handlers.c
index d3d5913b..616a01bb 100644
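--- a/sway/handlers.c
+++ b/sway/handlers.c
@@ -484,6 +484,8 @@ static bool handle_view_created(wlc_handle handle) {
 // refocus in-between command lists
 set_focused_container(newview);
 }
+// Make sure to free the list_t returned by criteria_for.
+list_free(criteria);
 swayc_t *workspace = swayc_parent_by_type(focused, C_WORKSPACE);
 if (workspace && workspace->fullscreen) {
 set_focused_container(workspace->fullscreen);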
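Review bot: `list_free(criteria)` releases the list on this path only; the `criteria_for` call and any earlier `return` in handle_view_created are outside the hunk, so it is worth confirming that no exit between the two skips the free. The added comment also restates the call instead of the ownership rule. Something like `// criteria_for returns a newly allocated list; the caller frees the container, not the criteria it points to` would say more, if that is indeed the contract (who owns the elements is not visible here).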
diff --git a/sway/ipc-server.c b/sway/ipc-server.c
index e10445cf..6b704e49 100644
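--- a/sway/ipc-server.c
+++ b/sway/ipc-server.c
@@ -1127,7 +1127,7 @@ static void ipc_event_binding(json_object *sb_obj) {
 json_object *obj = json_object_new_object();
 json_object_object_add(obj, "change", json_object_new_string("run"));
 // sb_obj gets owned by the temporary json_object, too.
-json_object_object_add(obj, "binding", json_object_get(sb_obj));
+json_object_object_add(obj, "binding", sb_obj);
 
 const char *json_string = json_object_to_json_string(obj);
 ipc_send_event(json_string, IPC_EVENT_BINDING);
@@ -1171,9 +1171,13 @@ void ipc_event_binding_keyboard(struct sway_binding *sb) {
 keysym = *(uint32_t *)sb->keys->items[i];
 if (xkb_keysym_get_name(keysym, buffer, 64) > 0) {
 json_object *str = json_object_new_string(buffer);
-json_object_array_add(symbols, str);
 if (i == 0) {
+// str is owned by both symbol and symbols. Make sure
+// to bump the ref count.
+json_object_array_add(symbols, json_object_get(str));
 symbol = str;
+} else {
+json_object_array_add(symbols, str);
 }
 }
 }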
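Review bot: In ipc_event_binding the retained comment `// sb_obj gets owned by the temporary json_object, too.` no longer matches the new line `json_object_object_add(obj, "binding", sb_obj);`. Without `json_object_get` no extra reference is taken, so obj takes over the caller's reference instead of sharing it. The function now consumes sb_obj, and a caller that still puts or reads it after the call would hit a double free or use-after-free once obj is released (presumably further down, outside the hunk). Proposed replacement comment: `// obj takes over the caller's reference to sb_obj; callers must not put or use it after this call.` The refcount bump for `str` in the second hunk follows the same rule and reads correctly as far as the visible lines show.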