From 89afb761ba21926b710b9e3d12361c3922d2baec Mon Sep 17 00:00:00 2001
From: Brian Ashworth <bosrsf04@gmail.com>
Date: Tue, 5 Feb 2019 14:13:27 -0500
Subject: output_cmd_background: fix no file + valid mode

If output_cmd_background is given a valid mode as the first argument,
then there is no file given and an error should be returned.

join_args should not be called with an argc of zero since it sets the
last character to the null terminator. With an argc of zero, the length
is zero causing a heap buffer overflow when setting the byte before the
start of argv to '\0'. This probably will not ever generate a segfault,
but may cause data corruption to whatever is directly before it in
memory. To make other such cases easier to detect, this also adds a
sway_assert in join_args when argc is zero.
---
 sway/commands/output/background.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'sway/commands/output')

diff --git a/sway/commands/output/background.c b/sway/commands/output/background.c
index f65904bb..5a15ed0f 100644
--- a/sway/commands/output/background.c
+++ b/sway/commands/output/background.c
@@ -61,6 +61,9 @@ struct cmd_results *output_cmd_background(int argc, char **argv) {
 			return cmd_results_new(CMD_INVALID,
 				"Missing background scaling mode.");
 		}
+		if (j == 0) {
+			return cmd_results_new(CMD_INVALID, "Missing background file");
+		}
 
 		wordexp_t p = {0};
 		char *src = join_args(argv, j);
-- 
cgit v1.2.3-54-g00ecf