Fix potential buffer overflow

Calling strncpy where the size of the string to copy is equal to the size of the destination can potentially lead to a buffer overflow. To fix this, copy only what is needed with memcpy, and explicitly terminate the string with a null character.
1 files changed, 3 insertions(+), 2 deletions(-) M main.c
M main.c => main.c +3 -2
@@ 758,8 758,9 @@ void keypress(struct menu_state *state, enum wl_keyboard_key_state key_state, if (!state->selection) { return; } strncpy(state->text, state->selection->text, sizeof state->text); state->cursor = strlen(state->text); state->cursor = strnlen(state->selection->text, sizeof state->text - 1); memcpy(state->text, state->selection->text, state->cursor); state->text[state->cursor] = '\0'; match(state); render_frame(state); break;
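Review bot: The new `strnlen`/`memcpy` sequence in `keypress` truncates a selection longer than `sizeof state->text - 1` bytes without any signal, and the cut is byte-based, so if the text is UTF-8 the copy can end in the middle of a multi-byte character and leave `state->cursor` off a character boundary. Consider either backing the length up to the previous character boundary or noting in a comment that truncation here is accepted. A one-line comment saying why `memcpy` plus the explicit `state->text[state->cursor] = '\0'` is used instead of `strncpy` would also keep this from being simplified back later. The removed `strncpy` call did not write past the size it was given; the defect was the missing terminator followed by `strlen(state->text)` reading beyond the array, and the commit message could say so. Note that `strnlen` is POSIX rather than ISO C, so the build needs the matching feature-test macro if it does not already define one.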