From 7c1e28b201ed52e42ddd8b114fdfbad0720d86d2 Mon Sep 17 00:00:00 2001
From: adnano <me@adnano.co>
Date: Sun, 26 Feb 2023 07:45:37 -0500
Subject: Fix potential buffer overflow

Calling strncpy where the size of the string to copy is equal to the
size of the destination can potentially lead to a buffer overflow. To
fix this, copy only what is needed with memcpy, and explicitly terminate
the string with a null character.
---
 main.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/main.c b/main.c
index 8688f05..496521f 100644
--- a/main.c
+++ b/main.c
@@ -758,8 +758,9 @@ void keypress(struct menu_state *state, enum wl_keyboard_key_state key_state,
 		if (!state->selection) {
 			return;
 		}
-		strncpy(state->text, state->selection->text, sizeof state->text);
-		state->cursor = strlen(state->text);
+		state->cursor = strnlen(state->selection->text, sizeof state->text - 1);
+		memcpy(state->text, state->selection->text, state->cursor);
+		state->text[state->cursor] = '\0';
 		match(state);
 		render_frame(state);
 		break;
-- 
cgit v1.2.3