summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorportix <portix@gmx.net>2012-09-30 11:36:22 +0200
committerportix <portix@gmx.net>2012-09-30 11:36:22 +0200
commit430499af09b0ba3c44ef87c83b67a834b24ac40c (patch)
treeffb813849417be4eefe5e939485e91b71d910deb /src
parentc07c1a6a5f76cca0861dad25823e2b61ffd5b941 (diff)
downloaddwb-430499af09b0ba3c44ef87c83b67a834b24ac40c.zip
Use sizeof for stack-allocated strings; fixing one possible buffer overflow
Diffstat (limited to 'src')
-rw-r--r--src/adblock.c4
-rw-r--r--src/callback.c2
-rw-r--r--src/completion.c6
-rw-r--r--src/download.c10
-rw-r--r--src/dwb.c22
-rw-r--r--src/html.c2
-rw-r--r--src/js.c2
-rw-r--r--src/js.h1
-rw-r--r--src/local.c12
-rw-r--r--src/util.c6
10 files changed, 34 insertions, 33 deletions
diff --git a/src/adblock.c b/src/adblock.c
index 34b4ce06..bf3c133d 100644
--- a/src/adblock.c
+++ b/src/adblock.c
@@ -688,7 +688,7 @@ adblock_rule_parse(char *filterlist) {
/* currently unsupported xbl, ping, xmlhttprequest, dtd, elemhide,
* other, collapse, donottrack, object-subrequest, popup
* */
- snprintf(warning, 255, "Adblock option '%s' isn't supported", o);
+ snprintf(warning, sizeof(warning), "Adblock option '%s' isn't supported", o);
adblock_warn_ignored(warning, pattern);
goto error_out;
}
@@ -836,7 +836,7 @@ adblock_init() {
if (filterlist == NULL)
return false;
char buffer[PATH_MAX];
- filterlist = util_expand_home(buffer, filterlist, PATH_MAX);
+ filterlist = util_expand_home(buffer, filterlist, sizeof(buffer));
if (!g_file_test(filterlist, G_FILE_TEST_EXISTS)) {
fprintf(stderr, "Filterlist not found: %s\n", filterlist);
return false;
diff --git a/src/callback.c b/src/callback.c
index 5388375f..b1ee4ebf 100644
--- a/src/callback.c
+++ b/src/callback.c
@@ -31,7 +31,7 @@ callback_entry_insert_text(GtkWidget* entry, char *new_text, int length, gpointe
const char *text = GET_TEXT();
int newlen = strlen(text) + length + 1;
char buffer[newlen];
- snprintf(buffer, newlen, "%s%s", text, new_text);
+ snprintf(buffer, sizeof(buffer), "%s%s", text, new_text);
if (dwb.state.mode == QUICK_MARK_OPEN) {
return dwb_update_find_quickmark(buffer);
}
diff --git a/src/completion.c b/src/completion.c
index c7cf2fe9..091419a4 100644
--- a/src/completion.c
+++ b/src/completion.c
@@ -157,7 +157,7 @@ completion_set_entry_text(Completion *c) {
char buf[7];
gtk_editable_delete_text(GTK_EDITABLE(dwb.gui.entry), 0, -1);
if (dwb.state.nummod > -1) {
- l = snprintf(buf, 7, "%d", dwb.state.nummod);
+ l = snprintf(buf, sizeof(buf), "%d", dwb.state.nummod);
gtk_editable_insert_text(GTK_EDITABLE(dwb.gui.entry), buf, -1, &l);
}
gtk_editable_insert_text(GTK_EDITABLE(dwb.gui.entry), text, -1, &l);
@@ -649,7 +649,7 @@ completion_init_autocompletion(GList *gl) {
for (GList *l=gl; l; l=l->next, i++) {
KeyMap *m = l->data;
if (! (m->map->prop & CP_OVERRIDE_ENTRY) ) {
- snprintf(buffer, 128, "%s <span style='italic'>%s</span>", m->key, m->map->n.second);
+ snprintf(buffer, sizeof(buffer), "%s <span style='italic'>%s</span>", m->key, m->map->n.second);
Completion *c = completion_get_completion_item(NULL, NULL, NULL, m);
gtk_label_set_use_markup(GTK_LABEL(c->llabel), true);
gtk_label_set_markup(GTK_LABEL(c->llabel), buffer);
@@ -799,7 +799,7 @@ static void
completion_init_path_completion(int back) {
char *text = gtk_editable_get_chars(GTK_EDITABLE(dwb.gui.entry), 0, -1);
char expanded[PATH_MAX];
- text = util_expand_home(expanded, text, PATH_MAX);
+ text = util_expand_home(expanded, text, sizeof(expanded));
dwb.comps.path_completion = dwb.comps.active_path = g_list_append(NULL, g_strdup(text));
if (dwb.state.dl_action == DL_ACTION_EXECUTE) {
diff --git a/src/download.c b/src/download.c
index 638e1b2c..85ef28d8 100644
--- a/src/download.c
+++ b/src/download.c
@@ -162,7 +162,7 @@ download_progress_cb(WebKitDownload *download, GParamSpec *p, DwbDownloadStatus
double current_size = (double)webkit_download_get_current_size(download) / 0x100000;
char buffer[128] = {0};
const char *format = speed > 1 ? "[%.1fM/s|%d:%02d|%2d%%|%.3f/%.3f]" : "[%3.1fK/s|%d:%02d|%2d%%|%.3f/%.3f]";
- snprintf(buffer, 128, format, speed > 1 ? speed : speed*1024, remaining/60, remaining%60, (int)(progress*100), current_size, total_size);
+ snprintf(buffer, sizeof(buffer), format, speed > 1 ? speed : speed*1024, remaining/60, remaining%60, (int)(progress*100), current_size, total_size);
gtk_label_set_text(GTK_LABEL(label->rlabel), buffer);
#if _HAS_GTK3
@@ -205,7 +205,7 @@ download_finished(DwbDownload *d) {
char buffer[64];
double elapsed = webkit_download_get_elapsed_time(d->download);
double total_size = (double)webkit_download_get_total_size(d->download);
- snprintf(buffer, 64, "[%.2f KB/s|%.3f MB]", (total_size / (elapsed*0x400)), total_size / 0x100000);
+ snprintf(buffer, sizeof(buffer), "[%.2f KB/s|%.3f MB]", (total_size / (elapsed*0x400)), total_size / 0x100000);
gtk_label_set_text(GTK_LABEL(d->rlabel), buffer);
}
@@ -397,7 +397,7 @@ download_start(const char *path) {
dwb.state.download = webkit_download_new(request);
char escape_buffer[255];
- filename = util_normalize_filename(escape_buffer, filename, 255);
+ filename = util_normalize_filename(escape_buffer, filename, sizeof(escape_buffer));
if (EMIT_SCRIPT(DOWNLOAD_START)) {
if (dwb.state.dl_action == DL_ACTION_EXECUTE) {
@@ -425,11 +425,11 @@ download_start(const char *path) {
//char *command = NULL;
char *tmppath = NULL;
const char *last_slash;
- char path_buffer[PATH_MAX+1];
+ char path_buffer[PATH_MAX];
gboolean external = GET_BOOL("download-use-external-program");
char buffer[PATH_MAX];
- path = util_expand_home(buffer, path, PATH_MAX);
+ path = util_expand_home(buffer, path, sizeof(buffer));
if (!filename || !strlen(filename)) {
filename = "dwb_download";
diff --git a/src/dwb.c b/src/dwb.c
index 1c63cff5..20831250 100644
--- a/src/dwb.c
+++ b/src/dwb.c
@@ -529,7 +529,7 @@ dwb_set_normal_message(GList *gl, gboolean hide, const char *text, ...) {
va_start(arg_list, text);
char message[STRING_LENGTH];
- vsnprintf(message, STRING_LENGTH, text, arg_list);
+ vsnprintf(message, sizeof(message), text, arg_list);
va_end(arg_list);
if (gtk_widget_get_visible(dwb.gui.bottombox)) {
@@ -557,7 +557,7 @@ dwb_set_error_message(GList *gl, const char *error, ...) {
va_start(arg_list, error);
char message[STRING_LENGTH];
- vsnprintf(message, STRING_LENGTH, error, arg_list);
+ vsnprintf(message, sizeof(message), error, arg_list);
va_end(arg_list);
dwb_source_remove();
@@ -1672,7 +1672,7 @@ dwb_submit_searchengine(void) {
if (hint_search_submit == NULL) {
hint_search_submit = HINT_SEARCH_SUBMIT;
}
- snprintf(buffer, 64, "{ \"searchString\" : \"%s\" }", hint_search_submit);
+ snprintf(buffer, sizeof(buffer), "{ \"searchString\" : \"%s\" }", hint_search_submit);
if ( (value = js_call_as_function(MAIN_FRAME(), CURRENT_VIEW()->hint_object, "submitSearchEngine", buffer, &value)) ) {
dwb.state.form_name = value;
}
@@ -1801,7 +1801,7 @@ dwb_update_hints(GdkEventKey *e) {
if (e->keyval == GDK_KEY_Return) {
com = "followActive";
- snprintf(json, BUFFER_LENGTH, "{ \"type\" : \"%d\" }", hint_map[dwb.state.hint_type].arg);
+ snprintf(json, sizeof(json), "{ \"type\" : \"%d\" }", hint_map[dwb.state.hint_type].arg);
}
else if (DWB_COMPLETE_KEY(e)) {
if ((DWB_TAB_KEY(e) && e->state & GDK_SHIFT_MASK) || e->keyval == GDK_KEY_Up) {
@@ -1817,7 +1817,7 @@ dwb_update_hints(GdkEventKey *e) {
}
else {
val = util_keyval_to_char(e->keyval, true);
- snprintf(json, BUFFER_LENGTH, "{ \"input\" : \"%s%s\", \"type\" : %d }", GET_TEXT(), val ? val : "", hint_map[dwb.state.hint_type].arg);
+ snprintf(json, sizeof(json), "{ \"input\" : \"%s%s\", \"type\" : %d }", GET_TEXT(), val ? val : "", hint_map[dwb.state.hint_type].arg);
com = "updateHints";
g_free(val);
}
@@ -1842,7 +1842,7 @@ dwb_show_hints(Arg *arg) {
if (dwb.state.mode != HINT_MODE) {
gtk_entry_set_text(GTK_ENTRY(dwb.gui.entry), "");
char json[64];
- snprintf(json, 64, "{ \"newTab\" : \"%d\", \"type\" : \"%d\" }",
+ snprintf(json, sizeof(json), "{ \"newTab\" : \"%d\", \"type\" : \"%d\" }",
(dwb.state.nv & (OPEN_NEW_WINDOW|OPEN_NEW_VIEW)),
hint_map[arg->i].arg);
char *jsret;
@@ -1973,7 +1973,7 @@ dwb_confirm(GList *gl, char *prompt, ...) {
va_start(arg_list, prompt);
char message[STRING_LENGTH];
- vsnprintf(message, STRING_LENGTH, prompt, arg_list);
+ vsnprintf(message, sizeof(message), prompt, arg_list);
va_end(arg_list);
dwb_source_remove();
dwb_set_status_bar_text(dwb.gui.lstatus, message, &dwb.color.prompt, dwb.font.fd_active, false);
@@ -2001,7 +2001,7 @@ dwb_prompt(gboolean visibility, char *prompt, ...) {
va_list arg_list;
va_start(arg_list, prompt);
char message[STRING_LENGTH];
- vsnprintf(message, STRING_LENGTH, prompt, arg_list);
+ vsnprintf(message, sizeof(message), prompt, arg_list);
va_end(arg_list);
dwb_set_status_bar_text(dwb.gui.lstatus, message, &dwb.color.active_fg, dwb.font.fd_active, false);
if (! (dwb.state.bar_visible & BAR_VIS_STATUS) )
@@ -2114,7 +2114,7 @@ dwb_tab_label_set_text(GList *gl, const char *text) {
title = text;
char progress[11] = { 0 };
if (v->status->progress != 0) {
- snprintf(progress, 11, "[%2d%%] ", v->status->progress);
+ snprintf(progress, sizeof(progress), "[%2d%%] ", v->status->progress);
}
char *escaped = g_markup_printf_escaped("<span foreground='%s'>%d%s</span> %s%s",
LP_PROTECTED(v) ? dwb.color.tab_protected_color : dwb.color.tab_number_color,
@@ -2760,7 +2760,7 @@ void
dwb_execute_user_script(KeyMap *km, Arg *a) {
GError *error = NULL;
char nummod[64];
- snprintf(nummod, 64, "%d", NUMMOD);
+ snprintf(nummod, sizeof(nummod), "%d", NUMMOD);
char *argv[] = { a->arg, (char*)webkit_web_view_get_uri(CURRENT_WEBVIEW()), (char *)webkit_web_view_get_title(CURRENT_WEBVIEW()), (char *)dwb.misc.profile, nummod, a->p, NULL } ;
GPid pid;
GSList *list = NULL;
@@ -2853,7 +2853,7 @@ dwb_get_scripts() {
}
if ( (f = fopen(path, "r")) != NULL) {
if (fgetc(f) == '#' && fgetc(f) == '!') {
- if (fgets(buf, 11, f) != NULL && !g_strcmp0(buf, "javascript")) {
+ if (fgets(buf, sizeof(buf), f) != NULL && !g_strcmp0(buf, "javascript")) {
int next = fgetc(f);
if (g_ascii_isspace(next)) {
javascript = true;
diff --git a/src/html.c b/src/html.c
index f226cb9b..2637430f 100644
--- a/src/html.c
+++ b/src/html.c
@@ -505,7 +505,7 @@ html_load(GList *gl, const char *uri) {
gboolean ret = false;
for (guint i=0; i<LENGTH(table); i++) {
if (!strncmp(table[i].uri, uri, strlen(table[i].uri))) {
- g_strlcpy(current_uri, uri, BUFFER_LENGTH - 1);
+ g_strlcpy(current_uri, uri, sizeof(current_uri) - 1);
if (table[i].func(gl, &table[i]) == STATUS_OK) {
ret = true;
break;
diff --git a/src/js.c b/src/js.c
index 789471a4..02a83618 100644
--- a/src/js.c
+++ b/src/js.c
@@ -27,7 +27,7 @@ js_make_exception(JSContextRef ctx, JSValueRef *exception, const gchar *format,
va_start(arg_list, format);
gchar message[STRING_LENGTH];
- vsnprintf(message, STRING_LENGTH, format, arg_list);
+ vsnprintf(message, sizeof(message), format, arg_list);
va_end(arg_list);
*exception = js_char_to_value(ctx, message);
}
diff --git a/src/js.h b/src/js.h
index a46ade58..40dbdd2e 100644
--- a/src/js.h
+++ b/src/js.h
@@ -18,6 +18,7 @@
#ifndef JS_H
#define JS_H
+#include <JavaScriptCore/JavaScript.h>
void js_make_exception(JSContextRef ctx, JSValueRef *exception, const gchar *format, ...);
char * js_string_to_char(JSContextRef ctx, JSStringRef jsstring, size_t );
diff --git a/src/local.c b/src/local.c
index 9c91f8b4..64ff7424 100644
--- a/src/local.c
+++ b/src/local.c
@@ -129,16 +129,16 @@ local_show_directory(GList *gl, const char *path, gboolean add_to_history) {
fprintf(stderr, "stat failed for %s\n", fullpath);
continue;
}
- strftime(date, 50, "%x", localtime(&st.st_mtime));
- strftime(time, 50, "%X", localtime(&st.st_mtime));
+ strftime(date, sizeof(date), "%x", localtime(&st.st_mtime));
+ strftime(time, sizeof(time), "%X", localtime(&st.st_mtime));
if (st.st_size > BPGB)
- snprintf(size, 50, "%.1fG", (double)st.st_size / BPGB);
+ snprintf(size, sizeof(size), "%.1fG", (double)st.st_size / BPGB);
else if (st.st_size > BPMB)
- snprintf(size, 50, "%.1fM", (double)st.st_size / BPMB);
+ snprintf(size, sizeof(size), "%.1fM", (double)st.st_size / BPMB);
else if (st.st_size > BPKB)
- snprintf(size, 50, "%.1fK", (double)st.st_size / BPKB);
+ snprintf(size, sizeof(size), "%.1fK", (double)st.st_size / BPKB);
else
- snprintf(size, 50, "%lu", st.st_size);
+ snprintf(size, sizeof(size), "%lu", st.st_size);
char perm[11];
int bits = 0;
diff --git a/src/util.c b/src/util.c
index efa8fa4e..f7db654e 100644
--- a/src/util.c
+++ b/src/util.c
@@ -354,7 +354,7 @@ util_set_file_content(const char *filename, const char *content) {
if (content == NULL || filename == NULL)
return false;
- filename = util_expand_home(buffer, filename, PATH_MAX);
+ filename = util_expand_home(buffer, filename, sizeof(buffer));
if (g_file_test(filename, G_FILE_TEST_IS_SYMLINK)) {
link = g_file_read_link(filename, &error);
if (link == NULL) {
@@ -613,7 +613,7 @@ util_domain_from_uri(const char *uri) {
uri_p = p + 3;
}
if ( (p = strchr(uri_p, '/')) ) {
- strncpy(domain, uri_p, p - uri_p);
+ strncpy(domain, uri_p, MIN(p - uri_p, sizeof(domain)));
}
char *ret = domain[0] ? domain : uri_p;
return g_strdup(ret);
@@ -663,7 +663,7 @@ util_file_add(const char *filename, const char *text, int append, int max) {
gboolean ret = false;
if ( (file = fopen(filename, "r"))) {
- for (int i=0; fgets(buffer, sizeof buffer, file) && (max < 0 || i < max); i++) {
+ for (int i=0; fgets(buffer, sizeof(buffer), file) && (max < 0 || i < max); i++) {
tmp = buffer;
while (g_ascii_isspace(*tmp) && *tmp != '\n')
tmp++;
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-05 19:22:19 +0000