diff options
| author |  Lubomir I. Ivanov <neolit123@gmail.com> | 2012-10-18 00:43:48 +0300 |
|---|---|---|
| committer |  Dirk Hohndel <dirk@hohndel.org> | 2012-10-17 15:08:33 -0700 |
| commit | 88a321c9833de40be77c133b8818b9abdcae3c2e (patch) | |
| tree | 855ee7df1616b5b794723c27102b5e645715da3e | |
| parent | 557a83576522b70709ee12a45077f40d321251a5 (diff) | |
| download | subsurface-88a321c9833de40be77c133b8818b9abdcae3c2e.tar.gz | |
Allocate memory for and truncate strings that go into the title bar
info.c:show_dive_info() uses buffers of 80 char, which might not be enough
for all unicode strings to fit. The function snprintf() can be used to
truncate a string to the maximum buffer length, however this should
not be used with unicode strings, since it can split the bytes of a
wide char, causing some corruption.
Instead of a fixed buffer we now allocate/free memory for the title text and
attempt to more safely truncate user entered text by using g_utf8_strlen()
and g_utf8_strncpy(). Long unicode filenames still remain a responsibility
of the user, but they should be now safe as well. On the other hand the string
formed by the function divename() and the variable maxlen should be
monitored by developers to accommodate all translations.
Signed-off-by: Lubomir I. Ivanov <neolit123@gmail.com>
Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
| -rw-r--r-- | info.c | 42 |
1 files changed, 34 insertions, 8 deletions
@@ -114,17 +114,26 @@ static int divename(char *buf, size_t size, struct dive *dive) void show_dive_info(struct dive *dive) { + const char *subs = "Subsurface: "; const char *text; - char buffer[80]; - char title[80]; + const int maxlen = 128; char *basename; + char *title; + char *buffer = NULL; + int len1, len2, sz; if (!dive) { if (existing_filename) { basename = g_path_get_basename(existing_filename); - snprintf(title, 80, "Subsurface: %s", basename); - free(basename); + len1 = strlen(subs); + len2 = g_utf8_strlen(basename, -1); + sz = (len1 + len2 + 1) * sizeof(gunichar); + title = malloc(sz); + strncpy(title, subs, len1); + g_utf8_strncpy(title + len1, basename, len2); gtk_window_set_title(GTK_WINDOW(main_window), title); + free(basename); + free(title); } else { gtk_window_set_title(GTK_WINDOW(main_window), "Subsurface"); } @@ -143,23 +152,40 @@ void show_dive_info(struct dive *dive) text = ""; if (*text) { if (dive->number) { - snprintf(buffer, sizeof(buffer), _("Dive #%d - %s"), dive->number, text); + len1 = g_utf8_strlen(text, -1); + sz = (len1 + 32) * sizeof(gunichar); + buffer = malloc(sz); + snprintf(buffer, sz, _("Dive #%d - "), dive->number); + g_utf8_strncpy(buffer + strlen(buffer), text, len1); text = buffer; } } else { - divename(buffer, sizeof(buffer), dive); + sz = (maxlen + 32) * sizeof(gunichar); + buffer = malloc(sz); + divename(buffer, sz, dive); text = buffer; } /* put it all together */ if (existing_filename) { basename = g_path_get_basename(existing_filename); - snprintf(title, 80, "%s: %s", basename, text); - free(basename); + len1 = g_utf8_strlen(basename, -1); + len2 = g_utf8_strlen(text, -1); + if (len2 > maxlen) + len2 = maxlen; + sz = (len1 + len2 + 3) * sizeof(gunichar); /* reserver space for ": " */ + title = malloc(sz); + g_utf8_strncpy(title, basename, len1); + strncpy(title + strlen(basename), (const char *)": ", 2); + g_utf8_strncpy(title + strlen(basename) + 2, text, len2); gtk_window_set_title(GTK_WINDOW(main_window), title); + free(basename); + free(title); } else { gtk_window_set_title(GTK_WINDOW(main_window), text); } + if (buffer) + free(buffer); SET_TEXT_VALUE(divemaster); SET_TEXT_VALUE(buddy); SET_TEXT_VALUE(location); |