Fix potential buffer overflow
Calling strncpy where the size of the string to copy is equal to the size of the destination can potentially lead to a buffer overflow. To fix this, copy only what is needed with memcpy, and explicitly terminate the string with a null character.
This commit is contained in:
adnano
parent
a7df5b270d
commit
a9271caeaf
1 changed files with 3 additions and 2 deletions
5
main.c
5
main.c
|
|
@ -758,8 +758,9 @@ void keypress(struct menu_state *state, enum wl_keyboard_key_state key_state,
|
||||||
if (!state->selection) {
|
if (!state->selection) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
strncpy(state->text, state->selection->text, sizeof state->text);
|
state->cursor = strnlen(state->selection->text, sizeof state->text - 1);
|
||||||
state->cursor = strlen(state->text);
|
memcpy(state->text, state->selection->text, state->cursor);
|
||||||
|
state->text[state->cursor] = '\0';
|
||||||
match(state);
|
match(state);
|
||||||
render_frame(state);
|
render_frame(state);
|
||||||
break;
|
break;
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue