From 9c8fb7d025920eacf264e290010e235452235c83 Mon Sep 17 00:00:00 2001
From: Dominique Martinet
Date: Sat, 30 Jun 2018 16:49:13 +0900
Subject: invoke_swaybar: fix message length header size

size_t/ssize_t are 8 bytes on 64bit systems, so use the proper size to transmit that information. This could lead to ridiculously large alloc as len is not initialized to zero
Found through static analysis
---
 sway/config/bar.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'sway/config')

diff --git a/sway/config/bar.c b/sway/config/bar.c
index 5a97c3cc..e790c911 100644
--- a/sway/config/bar.c
+++ b/sway/config/bar.c
@@ -174,7 +174,7 @@ void invoke_swaybar(struct bar_config *bar) {
  if (!command) {
  const char msg[] = "Unable to allocate swaybar command string";
  size_t msg_len = sizeof(msg);
- if (write(filedes[1], &msg_len, sizeof(int))) {};
+ if (write(filedes[1], &msg_len, sizeof(size_t))) {};
  if (write(filedes[1], msg, msg_len)) {};
  close(filedes[1]);
  exit(1);
@@ -189,8 +189,8 @@ void invoke_swaybar(struct bar_config *bar) {
  }
  wlr_log(L_DEBUG, "Spawned swaybar %d", bar->pid);
  close(filedes[0]);
- ssize_t len;
- if (read(filedes[1], &len, sizeof(int)) == sizeof(int)) {
+ size_t len;
+ if (read(filedes[1], &len, sizeof(size_t)) == sizeof(size_t)) {
  char *buf = malloc(len);
  if(!buf) {
  wlr_log(L_ERROR, "Cannot allocate error string");
--
cgit v1.2.3

From 248ea93c1af7eae5a57c354b0e2e50898f57b17d Mon Sep 17 00:00:00 2001
From: Dominique Martinet
Date: Sun, 1 Jul 2018 23:22:21 +0900
Subject: bar config: fix uninitialized accesses on init error

If init fails halfway through it will call the destroy function, which needs some coherent stuff filled. Allocate with calloc and fill in what cannot fail first
Found through static analysis.
---
 sway/config/bar.c | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)
(limited to 'sway/config')

diff --git a/sway/config/bar.c b/sway/config/bar.c
index e790c911..b97076a0 100644
--- a/sway/config/bar.c
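Review bot: The length header in the `!command` branch of invoke_swaybar (first hunk of the first patch) is still sized by a type name rather than by the object being sent, which is the same kind of mismatch this commit repairs. Writing `write(filedes[1], &msg_len, sizeof(msg_len))` here, and `sizeof(len)` on both sides of the comparison in the second hunk's read, ties the transfer size to the variable so a later type change cannot send or receive a partial value. The function body starts and ends outside this hunk.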
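Review bot: In the parent path of invoke_swaybar (second hunk of the first patch) the code calls `close(filedes[0])` and then reads the length from `filedes[1]`; if `filedes` was filled by pipe() outside this hunk, index 1 is the write end, so this read fails and the child's error message is never logged. The child writes to `filedes[1]`, so the parent should `close(filedes[1]);` and use `read(filedes[0], &len, sizeof(len)) == sizeof(len)`. Separately, `len` still goes straight into `malloc(len)` with no upper bound, so a small cap checked before the allocation would keep a corrupted header from driving a huge request. The rest of the block, including the read of the message body, is outside the hunk.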
+++ b/sway/config/bar.c
@@ -70,16 +70,12 @@ void free_bar_config(struct bar_config *bar) {
 
  struct bar_config *default_bar_config(void) {
  struct bar_config *bar = NULL;
- bar = malloc(sizeof(struct bar_config));
+ bar = calloc(1, sizeof(struct bar_config));
  if (!bar) {
  return NULL;
  }
- if (!(bar->mode = strdup("dock"))) goto cleanup;
- if (!(bar->hidden_state = strdup("hide"))) goto cleanup;
  bar->outputs = NULL;
  bar->position = strdup("bottom");
- if (!(bar->bindings = create_list())) goto cleanup;
- if (!(bar->status_command = strdup("while :; do date +'%Y-%m-%d %l:%M:%S %p'; sleep 1; done"))) goto cleanup;
  bar->pango_markup = false;
  bar->swaybar_command = NULL;
  bar->font = NULL;
@@ -91,6 +87,19 @@ struct bar_config *default_bar_config(void) {
  bar->binding_mode_indicator = true;
  bar->verbose = false;
  bar->pid = 0;
+ if (!(bar->mode = strdup("dock"))) {
+ goto cleanup;
+ }
+ if (!(bar->hidden_state = strdup("hide"))) {
+ goto cleanup;
+ }
+ if (!(bar->bindings = create_list())) {
+ goto cleanup;
+ }
+ if (!(bar->status_command =
+ strdup("while date +'%Y-%m-%d %l:%M:%S %p'; do sleep 1; done"))) {
+ goto cleanup;
+ }
  // set default colors
  if (!(bar->colors.background = strndup("#000000ff", 9))) {
  goto cleanup;
--
cgit v1.2.3
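Review bot: `bar->position = strdup("bottom");` in the first hunk is the one fallible initialisation in default_bar_config that stays unchecked after this reordering, so an allocation failure there would leave `position` NULL instead of taking the cleanup path. Moving it next to the other checked duplications as `if (!(bar->position = strdup("bottom"))) { goto cleanup; }` would make the error handling uniform. With calloc in place, the explicit `= NULL`, `= false` and `= 0` assignments are redundant, though harmless. The function continues past the end of this hunk.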
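Review bot: The default `status_command` string in the second hunk changes from `while :; do date ...; sleep 1; done` to `while date ...; do sleep 1; done`, which the commit message does not mention. The new form ends the loop as soon as `date` exits non-zero, presumably so the shell stops once its output can no longer be written; that is a behaviour change unrelated to the uninitialised-access fix. It deserves a line in the description or a comment above the strdup such as `// loop exits when date fails, e.g. once its stdout is closed`. The cleanup label and the rest of default_bar_config lie outside this hunk.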