A few comments:

Since sizeof(char) is 1, it is not needed to write

malloc(... + 5 * sizeof(char))

but just

malloc(... + 5)

And actually, only 4 extra characters are needed, so don't waste that
byte ;)

And never use a multiplication in a malloc, never, ever.  It has been
the source of remote-root exploits (due to integer overflow).  Simple
rule:  If there is a multiplication needed, use calloc:

malloc(n * sizeof whatever)     /* never, ever */

use

calloc(n, sizeof whatever)      /* this is the way to go */

The original code contains a nice bug:

    title = XtMalloc(strlen(pre) + strlen(suf) + 2);
    sprintf(title, "%s - %s", pre, suf);

The format string alone adds 3 characters to the final string (' - '),
and then there is the NUL terminating character, so the target buffer
needs to be at least strlen(pre) + strlen(suf) + 4 characters long, but
here a smaller buffer is allocated.  This nicely demonstrates the
evilness of sprintf...


_______________________________________________
cdesktopenv-devel mailing list
cdesktopenv-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cdesktopenv-devel
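The two points raised in the message above, the undersized sprintf buffer and the multiplication inside a malloc size, as an added C example that is not part of the thread or of the CDE code base. The helper names (title_bytes_needed, title_bytes_buggy, make_title, mul_overflows, alloc_array) and the sample strings are constructed for this illustration; the size arithmetic follows the message (three bytes for " - " plus one NUL), and snprintf is used in place of sprintf so the computed size actually bounds the write.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Bytes the joined title really needs: both operands, the three
 * characters of " - ", and the NUL terminator. */
size_t title_bytes_needed(const char *pre, const char *suf)
{
    return strlen(pre) + strlen(suf) + 3 + 1;
}

/* The size the original XtMalloc call computes: two bytes short,
 * so the sprintf in the original code writes past the buffer. */
size_t title_bytes_buggy(const char *pre, const char *suf)
{
    return strlen(pre) + strlen(suf) + 2;
}

/* Hardened join (hypothetical helper): the write is bounded by the
 * computed size, and snprintf's return value cross-checks the math.
 * Returns a heap string the caller frees, or NULL on failure. */
char *make_title(const char *pre, const char *suf)
{
    size_t need = title_bytes_needed(pre, suf);
    char *title = malloc(need);
    if (title == NULL)
        return NULL;
    int n = snprintf(title, need, "%s - %s", pre, suf);
    /* n is the length snprintf wanted; n >= need means the size
     * calculation was wrong and output was truncated. */
    if (n < 0 || (size_t)n >= need) {
        free(title);
        return NULL;
    }
    return title;
}

/* True when n * size would wrap around size_t: exactly the case a
 * bare malloc(n * size) silently turns into a tiny allocation. */
int mul_overflows(size_t n, size_t size)
{
    return size != 0 && n > SIZE_MAX / size;
}

/* Array allocation via calloc, as the message recommends. calloc
 * checks the product itself; the explicit test is kept so the
 * failure path is visible and does not depend on the libc. */
void *alloc_array(size_t n, size_t size)
{
    if (mul_overflows(n, size))
        return NULL;
    return calloc(n, size);
}

int main(void)
{
    /* Constructed sample input. */
    const char *pre = "Mail", *suf = "Inbox";

    printf("buggy size %zu, needed %zu\n",
           title_bytes_buggy(pre, suf), title_bytes_needed(pre, suf));
    char *t = make_title(pre, suf);
    if (t != NULL) {
        puts(t);
        free(t);
    }

    /* A count that wraps when multiplied by the element size. */
    size_t huge = SIZE_MAX / 2 + 1;
    printf("mul_overflows(huge, 4) = %d\n", mul_overflows(huge, 4));
    void *p = alloc_array(huge, 4);
    printf("alloc_array(huge, 4) -> %s\n", p ? "non-NULL" : "NULL");
    free(p);
    return 0;
}
```

Run stand-alone it prints the buggy and correct sizes for the sample strings (11 and 13), the joined title, and shows the overflowing request being refused rather than returning a buffer far smaller than the caller assumes.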
