From 7c1e28b201ed52e42ddd8b114fdfbad0720d86d2 Mon Sep 17 00:00:00 2001
From: adnano
Date: Sun, 26 Feb 2023 07:45:37 -0500
Subject: Fix potential buffer overflow

Calling strncpy where the size of the string to copy is equal to the size of the destination can potentially lead to a buffer overflow. To fix this, copy only what is needed with memcpy, and explicitly terminate the string with a null character.
---
 main.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'main.c')
diff --git a/main.c b/main.c
index 8688f05..496521f 100644
--- a/main.c
+++ b/main.c
@@ -758,8 +758,9 @@ void keypress(struct menu_state *state, enum wl_keyboard_key_state key_state,
 if (!state->selection) {
 return;
 }
- strncpy(state->text, state->selection->text, sizeof state->text);
- state->cursor = strlen(state->text);
+ state->cursor = strnlen(state->selection->text, sizeof state->text - 1);
+ memcpy(state->text, state->selection->text, state->cursor);
+ state->text[state->cursor] = '\0';
 match(state);
 render_frame(state);
 break;
--
cgit v1.2.3
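Review bot: The bound `sizeof state->text - 1` in the added `strnlen` call is only the buffer capacity while `text` is a fixed-size array member of `struct menu_state`, and that declaration is not visible in this hunk. If `text` ever becomes a pointer, the three added lines would silently clamp to the pointer size instead. A selection longer than the buffer is also truncated without any signal, and the cut falls on a byte offset, so a multi-byte character could be split if the text is UTF-8 (presumably, to be confirmed against the input path). I would document both above the copy, e.g. `/* text is a fixed array: copy at most sizeof - 1 bytes so the NUL always fits; longer selections are truncated */`. The enclosing case in `keypress` starts and ends outside the hunk.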