diff options
author | Brian Ashworth <bosrsf04@gmail.com> | 2019-02-05 14:13:27 -0500 |
---|---|---|
committer | Brian Ashworth <bosrsf04@gmail.com> | 2019-02-05 14:13:27 -0500 |
commit | 89afb761ba21926b710b9e3d12361c3922d2baec (patch) | |
tree | 1f073eead802b2db385f1986373dcabd1171a00e | |
parent | Merge pull request #3582 from c-edw/FixUninitializedInputManager (diff) | |
download | sway-89afb761ba21926b710b9e3d12361c3922d2baec.tar.gz sway-89afb761ba21926b710b9e3d12361c3922d2baec.tar.zst sway-89afb761ba21926b710b9e3d12361c3922d2baec.zip |
output_cmd_background: fix no file + valid mode
If output_cmd_background is given a valid mode as the first argument,
then there is no file given and an error should be returned.
join_args should not be called with an argc of zero since it sets the
last character to the null terminator. With an argc of zero, the length
is zero causing a heap buffer overflow when setting the byte before the
start of argv to '\0'. This probably will not ever generate a segfault,
but may cause data corruption to whatever is directly before it in
memory. To make other such cases easier to detect, this also adds a
sway_assert in join_args when argc is zero.
-rw-r--r-- | common/stringop.c | 3 | ||||
-rw-r--r-- | sway/commands/output/background.c | 3 |
2 files changed, 6 insertions, 0 deletions
diff --git a/common/stringop.c b/common/stringop.c index 8af0d60f..709be684 100644 --- a/common/stringop.c +++ b/common/stringop.c | |||
@@ -258,6 +258,9 @@ int unescape_string(char *string) { | |||
258 | } | 258 | } |
259 | 259 | ||
260 | char *join_args(char **argv, int argc) { | 260 | char *join_args(char **argv, int argc) { |
261 | if (!sway_assert(argc > 0, "argc should be positive")) { | ||
262 | return NULL; | ||
263 | } | ||
261 | int len = 0, i; | 264 | int len = 0, i; |
262 | for (i = 0; i < argc; ++i) { | 265 | for (i = 0; i < argc; ++i) { |
263 | len += strlen(argv[i]) + 1; | 266 | len += strlen(argv[i]) + 1; |
diff --git a/sway/commands/output/background.c b/sway/commands/output/background.c index f65904bb..5a15ed0f 100644 --- a/sway/commands/output/background.c +++ b/sway/commands/output/background.c | |||
@@ -61,6 +61,9 @@ struct cmd_results *output_cmd_background(int argc, char **argv) { | |||
61 | return cmd_results_new(CMD_INVALID, | 61 | return cmd_results_new(CMD_INVALID, |
62 | "Missing background scaling mode."); | 62 | "Missing background scaling mode."); |
63 | } | 63 | } |
64 | if (j == 0) { | ||
65 | return cmd_results_new(CMD_INVALID, "Missing background file"); | ||
66 | } | ||
64 | 67 | ||
65 | wordexp_t p = {0}; | 68 | wordexp_t p = {0}; |
66 | char *src = join_args(argv, j); | 69 | char *src = join_args(argv, j); |