diff options
author | ael-code <tommy.ael@gmail.com> | 2018-06-22 15:41:44 +0200 |
---|---|---|
committer | ael-code <tommy.ael@gmail.com> | 2018-06-22 15:41:44 +0200 |
commit | ad085c13325d17a242a813879b8574ba3dd43cc7 (patch) | |
tree | 60dd5b87f1e9bf29b0816210ee00e18e29470405 | |
parent | Merge pull request #2143 from vilhalmer/mark-pool-buffers-busy (diff) | |
download | sway-ad085c13325d17a242a813879b8574ba3dd43cc7.tar.gz sway-ad085c13325d17a242a813879b8574ba3dd43cc7.tar.zst sway-ad085c13325d17a242a813879b8574ba3dd43cc7.zip |
bugfix: avoid access after free
if src is NULL due to a previous error we cannot use it in the command
result string.
Moreover if `src` points to `p.we_wordv[0]` we cannot use it after
`wordfree(&p)` in the command result string.
Bonus feature: If there was an error accessing the file, the string
rapresentation of the error is now included in the command result
string.
-rw-r--r-- | sway/commands/output/background.c | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/sway/commands/output/background.c b/sway/commands/output/background.c index 0c5c164f..82bccf68 100644 --- a/sway/commands/output/background.c +++ b/sway/commands/output/background.c | |||
@@ -3,6 +3,7 @@ | |||
3 | #include <strings.h> | 3 | #include <strings.h> |
4 | #include <unistd.h> | 4 | #include <unistd.h> |
5 | #include <wordexp.h> | 5 | #include <wordexp.h> |
6 | #include <errno.h> | ||
6 | #include "sway/commands.h" | 7 | #include "sway/commands.h" |
7 | #include "sway/config.h" | 8 | #include "sway/config.h" |
8 | #include "log.h" | 9 | #include "log.h" |
@@ -71,21 +72,27 @@ struct cmd_results *output_cmd_background(int argc, char **argv) { | |||
71 | if (conf) { | 72 | if (conf) { |
72 | char *conf_path = dirname(conf); | 73 | char *conf_path = dirname(conf); |
73 | src = malloc(strlen(conf_path) + strlen(src) + 2); | 74 | src = malloc(strlen(conf_path) + strlen(src) + 2); |
74 | if (src) { | 75 | if (!src) { |
75 | sprintf(src, "%s/%s", conf_path, p.we_wordv[0]); | 76 | free(conf); |
76 | } else { | 77 | wordfree(&p); |
77 | wlr_log(L_ERROR, | 78 | wlr_log(L_ERROR, |
78 | "Unable to allocate background source"); | 79 | "Unable to allocate resource: Not enough memory"); |
80 | return cmd_results_new(CMD_FAILURE, "output", | ||
81 | "Unable to allocate resources"); | ||
79 | } | 82 | } |
83 | sprintf(src, "%s/%s", conf_path, p.we_wordv[0]); | ||
80 | free(conf); | 84 | free(conf); |
81 | } else { | 85 | } else { |
82 | wlr_log(L_ERROR, "Unable to allocate background source"); | 86 | wlr_log(L_ERROR, "Unable to allocate background source"); |
83 | } | 87 | } |
84 | } | 88 | } |
85 | if (!src || access(src, F_OK) == -1) { | 89 | |
90 | if (access(src, F_OK) == -1) { | ||
91 | struct cmd_results *cmd_res = cmd_results_new(CMD_FAILURE, "output", | ||
92 | "Unable to access background file '%s': %s", src, strerror(errno)); | ||
93 | free(src); | ||
86 | wordfree(&p); | 94 | wordfree(&p); |
87 | return cmd_results_new(CMD_INVALID, "output", | 95 | return cmd_res; |
88 | "Background file unreadable (%s).", src); | ||
89 | } | 96 | } |
90 | 97 | ||
91 | output->background = strdup(src); | 98 | output->background = strdup(src); |