From 92ecb3c3ed0bceb44bfb2e5c9ef61a45154a9154 Mon Sep 17 00:00:00 2001
From: Christophe CURIS <christophe.curis@free.fr>
Date: Sat, 17 May 2014 20:18:21 +0200
Subject: [PATCH] WMaker: rewrote generation of title for the Icon Chooser to
 avoid problems

The original code did have a few weaknesses, including:
 - possible buffer overflow, if the translation was too long;
 - possible crash, if either instance or class is NULL but not both

Now the appropriate length is calculated (not counting on a margin) and the
string is generated with the available elements.

As a side note, the variable was renamed from 'tmp' to 'title' for clarity.

This was highlighted by cppcheck (thanks to David Maciejak) and by
Coverity (bug #50078).

Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
---
 src/dialog.c | 40 +++++++++++++++++++++++++++++-----------
 1 file changed, 29 insertions(+), 11 deletions(-)

diff --git a/src/dialog.c b/src/dialog.c
index da126ae5..11027471 100644
--- a/src/dialog.c
+++ b/src/dialog.c
@@ -1011,22 +1011,40 @@ Bool wIconChooserDialog(WScreen *scr, char **file, const char *instance, const c
 	XReparentWindow(dpy, WMWidgetXID(panel->win), parent, 0, 0);
 
 	{
-		char *tmp;
-		int len = (instance ? strlen(instance) : 0)
-		    + (class ? strlen(class) : 0) + 32;
+		static const char *prefix = NULL;
+		char *title;
+		int len;
 		WMPoint center;
 
-		tmp = wmalloc(len);
-
-		if (tmp && (instance || class))
-			snprintf(tmp, len, "%s [%s.%s]", _("Icon Chooser"), instance, class);
-		else
-			strcpy(tmp, _("Icon Chooser"));
+		if (prefix == NULL)
+			prefix = _("Icon Chooser");
+
+		len = strlen(prefix)
+			+ 2	// " ["
+			+ (instance ? strlen(instance) : 0)
+			+ 1	// "."
+			+ (class ? strlen(class) : 0)
+			+ 1	// "]"
+			+ 1;	// final NUL
+
+		title = wmalloc(len);
+		strcpy(title, prefix);
+
+		if (instance || class) {
+			strcat(title, " [");
+			if (instance != NULL)
+				strcat(title, instance);
+			if (instance && class)
+				strcat(title, ".");
+			if (class != NULL)
+				strcat(title, class);
+			strcat(title, "]");
+		}
 
 		center = getCenter(scr, 450, 280);
 
-		wwin = wManageInternalWindow(scr, parent, None, tmp, center.x, center.y, 450, 280);
-		wfree(tmp);
+		wwin = wManageInternalWindow(scr, parent, None, title, center.x, center.y, 450, 280);
+		wfree(title);
 	}
 
 	/* put icon paths in the list */
-- 
2.11.4.GIT