imPrintf: avoid going out of bound

when the last char is `$` or `\`, the `c` pointer would end up advancing past the string length. additionally use the return value of strftime for determining the string length instead of checking for '\0'. also replaces hardcoded length in strftime call to sizeof(strf). previously it was one less than sizeof(strf), but there was no real reason for that. strftime will return 0 if the resulting string (including the nul-byte) was too big. Fixes: #252
resurrecting-open-source-projects · Apr 4, 2023 · 2e33c4c · 2e33c4c
1 parent 7ee199c
commit 2e33c4c
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/src/scrot.c b/src/scrot.c
@@ -590,20 +590,20 @@ static Bool scrotXEventVisibility(Display *dpy, XEvent *ev, XPointer arg)
 static char *imPrintf(char *str, struct tm *tm, char *filenameIM,
     char *filenameThumb, Imlib_Image im)
 {
-    char *c;
     char buf[20];
     Stream ret = {0};
     long hostNameMax = 0;
     char strf[4096];
     char *tmp;
     struct stat st;
 
-    if (strftime(strf, 4095, str, tm) == 0)
+    const size_t strfLen = strftime(strf, sizeof(strf), str, tm);
+    if (strfLen == 0)
         errx(EXIT_FAILURE, "strftime returned 0");
 
     imlib_context_set_image(im);
-    for (c = strf; *c != '\0'; c++) {
-        if (*c == '$') {
+    for (const char *c = strf, *end = strf + strfLen; c < end; ++c) {
+        if (*c == '$' && (c + 1) < end) {
             c++;
             switch (*c) {
             case 'a':
@@ -680,7 +680,7 @@ static char *imPrintf(char *str, struct tm *tm, char *filenameIM,
                 streamChar(&ret, *c);
                 break;
             }
-        } else if (*c == '\\') {
+        } else if (*c == '\\' && (c + 1) < end) {
             c++;
             switch (*c) {
             case 'n':