From 575b9345c87f22349c948fcc814c301816315a71 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sun, 2 Apr 2017 13:16:50 +0200
Subject: Always terminate strncpy results with '\0'.

The strncpy function does not guarantee to end the resulting character
sequence with a terminating nul character if not enough space is
available. This could be triggered by supplying a sufficiently long
output_file option.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
---
 src/collage.c   | 6 ++++--
 src/index.c     | 6 ++++--
 src/thumbnail.c | 6 ++++--
 3 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/src/collage.c b/src/collage.c
index bcb30fa..b975136 100644
--- a/src/collage.c
+++ b/src/collage.c
@@ -191,8 +191,10 @@ void init_collage_mode(void)
 		char output_buf[1024];
 		if (opt.output_dir)
 			snprintf(output_buf, 1024, "%s/%s", opt.output_dir, opt.output_file);
-		else
-			strncpy(output_buf, opt.output_file, 1024);
+		else {
+			strncpy(output_buf, opt.output_file, 1023);
+			output_buf[1023] = '\0';
+		}
 		gib_imlib_save_image(im_main, output_buf);
 		if (opt.verbose) {
 			int tw, th;
diff --git a/src/index.c b/src/index.c
index a71744d..7a2f5fc 100644
--- a/src/index.c
+++ b/src/index.c
@@ -324,8 +324,10 @@ void init_index_mode(void)
 
 		if (opt.output_dir)
 			snprintf(output_buf, 1024, "%s/%s", opt.output_dir, opt.output_file);
-		else
-			strncpy(output_buf, opt.output_file, 1024);
+		else {
+			strncpy(output_buf, opt.output_file, 1023);
+			output_buf[1023] = '\0';
+		}
 
 		gib_imlib_save_image_with_error_return(im_main, output_buf, &err);
 		if (err) {
diff --git a/src/thumbnail.c b/src/thumbnail.c
index c9cc24f..43168c4 100644
--- a/src/thumbnail.c
+++ b/src/thumbnail.c
@@ -381,8 +381,10 @@ void init_thumbnail_mode(void)
 
 		if (opt.output_dir)
 			snprintf(output_buf, 1024, "%s/%s", opt.output_dir, opt.output_file);
-		else
-			strncpy(output_buf, opt.output_file, 1024);
+		else {
+			strncpy(output_buf, opt.output_file, 1023);
+			output_buf[1023] = '\0';
+		}
 		gib_imlib_save_image_with_error_return(td.im_main, output_buf, &err);
 		if (err) {
 			feh_imlib_print_load_error(output_buf, td.im_main, err);
-- 
cgit v1.2.3