i got a segv in an strncpy... but the bt missed telling me anything
other than it was in _e_border_eval(). gdb wouldn't help.
Thread 1 (Thread 0xb7859780 (LWP 1377)):
No symbol table info available.
No locals.
No symbol table info available.
No locals.
at /usr/include/i386-linux-gnu/bits/string3.h:121
buf = '\000' <repeats 4095 times>
s = <optimized out>
event = <optimized out>
pnd = <optimized out>
rem_change = 1
send_event = 1
since this is the only strncpy, i can only conclude that something is
fishy about the src or dest buffer, and i can only guess that the
strncpy is directly in e_border.c (though it could have come from an
inline func or macro form eina etc.)... but it's the best guess i have.
the strncpy will have problems if bd->client.icccm.class > 4096 in
size. buf will not be nul terminated then:
The strncpy() function is similar, except that at most n bytes of src
are copied. Warning: If there is no null byte among the first n bytes
of src, the string placed in dest will not be null-terminated.
as per manpage. so there was a lurking bug with a non 0 terminated
buffer. also added check for bd->client.icccm.class as it could be
null...
snprintf(buf, sizeof(buf), "%s.desktop", bd->client.icccm.class);
bd->desktop = efreet_util_desktop_file_id_find(buf);
}
- if (!bd->desktop)
+ if ((!bd->desktop) && (bd->client.icccm.class))
{
- char buf[4096] = {0}, *s;
+ char buf[4096], *s;
- strncpy(buf, bd->client.icccm.class, sizeof(buf));
+ strncpy(buf, bd->client.icccm.class, sizeof(buf) - 1);
+ buf[sizeof(buf) - 1] = 0;
s = buf;
eina_str_tolower(&s);
if (strcmp(s, bd->client.icccm.class))
projects / platform / upstream / enlightenment.git / commitdiff