From a548b4b85cfdbef103f622c3e3aaf976938535f9 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Kristian=20H=C3=B8gsberg?= Date: Thu, 9 Jan 2014 23:39:20 -0800 Subject: [PATCH] keyboard: Fix insert_text() string utility strncat() into a newly allocated buffer isn't well-defined. I don't know how this didn't crash all the time, getting blocks from malloc() with a NUL in the first byte must be fairly common. Closes: https://bugs.freedesktop.org/show_bug.cgi?id=71750 --- clients/keyboard.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/clients/keyboard.c b/clients/keyboard.c index e08a5fa..963382c 100644 --- a/clients/keyboard.c +++ b/clients/keyboard.c @@ -384,12 +384,13 @@ resize_handler(struct widget *widget, static char * insert_text(const char *text, uint32_t offset, const char *insert) { - char *new_text = xmalloc(strlen(text) + strlen(insert) + 1); + int tlen = strlen(text), ilen = strlen(insert); + char *new_text = xmalloc(tlen + ilen + 1); - strncat(new_text, text, offset); - new_text[offset] = '\0'; - strcat(new_text, insert); - strcat(new_text, text + offset); + memcpy(new_text, text, offset); + memcpy(new_text + offset, insert, ilen); + memcpy(new_text + offset + ilen, text + offset, tlen - offset); + new_text[tlen + ilen] = '\0'; return new_text; } -- 2.7.4