# HG changeset patch # User bsmith@81767d24-ef19-dc11-ae90-00e081727c95 # Date 1603759933 0 # Node ID ae6626a4331ff26f41cb407ced5873aeba8ac9ae # Parent 319eeecb411e21745bcf9b4814444db3f1e69d4e GTK: Same change from tmpnam() to mkstemp() for GTK2 plus extra safety checks on both GTK2 and GTK3. diff -r 319eeecb411e -r ae6626a4331f gtk/dw.c --- a/gtk/dw.c Tue Oct 27 00:15:46 2020 +0000 +++ b/gtk/dw.c Tue Oct 27 00:52:13 2020 +0000 @@ -4954,10 +4954,8 @@ GdkPixmap *tmp = NULL; #endif int _locked_by_me = FALSE; - char *file; - FILE *fp; - - if (!id && !data) + + if(!id && !data) return; DW_MUTEX_LOCK; @@ -4970,22 +4968,24 @@ * A real hack; create a temporary file and write the contents * of the data to the file */ - file = tmpnam( NULL ); - fp = fopen( file, "wb" ); - if ( fp ) - { - fwrite( data, len, 1, fp ); - fclose( fp ); - } - else + char template[] = "/tmp/dwpixmapXXXXXX"; + int written = -1, fd = mkstemp(template); + + if(fd != -1) + { + written = write(fd, data, len); + close(fd); + } + /* Bail if we couldn't write full file */ + if(fd == -1 || written != len) { DW_MUTEX_UNLOCK; return; } #if GTK_MAJOR_VERSION > 1 - pixbuf = gdk_pixbuf_new_from_file(file, NULL ); + pixbuf = gdk_pixbuf_new_from_file(template, NULL); #elif defined(USE_IMLIB) - image = gdk_imlib_load_image(file); + image = gdk_imlib_load_image(template); gdk_imlib_render(image, image->rgb_width, image->rgb_height); tmp = gdk_imlib_copy_image(image); bitmap = gdk_imlib_copy_mask(image); @@ -4994,7 +4994,7 @@ tmp = gdk_pixmap_create_from_xpm_d(handle->window, &bitmap, &_colors[DW_CLR_PALEGRAY], mydata); #endif /* remove our temporary file */ - unlink (file ); + unlink(template); } else if (id) #if GTK_MAJOR_VERSION > 1 @@ -7138,9 +7138,8 @@ */ HICN API dw_icon_load_from_data(const char *data, int len) { - int found = -1, _locked_by_me = FALSE; - char *file; - FILE *fp; + int fd, written = -1, found = -1, _locked_by_me = FALSE; + char template[] = "/tmp/dwiconXXXXXX"; #if GTK_MAJOR_VERSION > 1 GdkPixbuf *pixbuf; #elif defined(USE_IMLIB) @@ -7153,20 +7152,17 @@ * A real hack; create a temporary file and write the contents * of the data to the file */ - file = tmpnam( NULL ); - fp = fopen( file, "wb" ); - if ( fp ) - { - fwrite( data, len, 1, fp ); - fclose( fp ); - } - else - { - DW_MUTEX_UNLOCK; + if((fd = mkstemp(template)) != -1) + { + written = write(fd, data, len); + close(fd); + } + /* Bail if we couldn't write full file */ + if(fd == -1 || written != len) return 0; - } + /* Find a free entry in the array */ - for (z=0;z<_PixmapCount;z++) + for(z=0;z<_PixmapCount;z++) { if(!_PixmapArray[z].used) { @@ -7178,7 +7174,7 @@ /* If there are no free entries, expand the * array. */ - if (found == -1) + if(found == -1) { DWPrivatePixmap *old = _PixmapArray; @@ -7196,8 +7192,9 @@ } #if GTK_MAJOR_VERSION > 1 - pixbuf = _icon_resize(gdk_pixbuf_new_from_file(file, NULL)); - if (pixbuf) + pixbuf = _icon_resize(gdk_pixbuf_new_from_file(template, NULL)); + + if(pixbuf) { _PixmapArray[found].pixbuf = pixbuf; _PixmapArray[found].width = gdk_pixbuf_get_width(pixbuf); @@ -7206,9 +7203,9 @@ gdk_pixbuf_render_pixmap_and_mask(pixbuf, &_PixmapArray[found].pixmap, &_PixmapArray[found].mask, 1); } #elif defined(USE_IMLIB) - image = gdk_imlib_load_image(file); - - if (image) + image = gdk_imlib_load_image(template); + + if(image) { _PixmapArray[found].width = image->rgb_width; _PixmapArray[found].height = image->rgb_height; @@ -7219,13 +7216,13 @@ gdk_imlib_destroy_image(image); } #else - if (last_window) + if(last_window) _PixmapArray[found].pixmap = gdk_pixmap_create_from_xpm_d(last_window->window, &_PixmapArray[found].mask, &_colors[DW_CLR_PALEGRAY], data); #endif /* remove our temporary file */ - unlink (file ); - DW_MUTEX_UNLOCK; - if (!_PixmapArray[found].pixmap || !_PixmapArray[found].mask) + unlink(template); + DW_MUTEX_UNLOCK; + if(!_PixmapArray[found].pixmap || !_PixmapArray[found].mask) { _PixmapArray[found].used = 0; _PixmapArray[found].pixmap = _PixmapArray[found].mask = NULL; @@ -9065,17 +9062,16 @@ */ HPIXMAP dw_pixmap_new_from_data(HWND handle, const char *data, int len) { - int _locked_by_me = FALSE; - char *file; - FILE *fp; + int fd, written = -1, _locked_by_me = FALSE; HPIXMAP pixmap; #if GTK_MAJOR_VERSION > 1 GdkPixbuf *pixbuf; #elif defined(USE_IMLIB) GdkImlibImage *image; #endif - - if (!data || !(pixmap = calloc(1,sizeof(struct _hpixmap)))) + char template[] = "/tmp/dwpixmapXXXXXX"; + + if(!data || !(pixmap = calloc(1,sizeof(struct _hpixmap)))) return NULL; DW_MUTEX_LOCK; @@ -9083,26 +9079,25 @@ * A real hack; create a temporary file and write the contents * of the data to the file */ - file = tmpnam( NULL ); - fp = fopen( file, "wb" ); - if ( fp ) - { - fwrite( data, len, 1, fp ); - fclose( fp ); - } - else + if((fd = mkstemp(template)) != -1) + { + written = write(fd, data, len); + close(fd); + } + /* Bail if we couldn't write full file */ + if(fd == -1 || written != len) { DW_MUTEX_UNLOCK; return 0; } #if GTK_MAJOR_VERSION > 1 - pixbuf = gdk_pixbuf_new_from_file(file, NULL); + pixbuf = gdk_pixbuf_new_from_file(template, NULL); pixmap->width = gdk_pixbuf_get_width(pixbuf); pixmap->height = gdk_pixbuf_get_height(pixbuf); gdk_pixbuf_render_pixmap_and_mask(pixbuf, &pixmap->pixmap, &pixmap->bitmap, 1); g_object_unref(pixbuf); #elif defined(USE_IMLIB) - image = gdk_imlib_load_image(file); + image = gdk_imlib_load_image(template); pixmap->width = image->rgb_width; pixmap->height = image->rgb_height; @@ -9114,7 +9109,7 @@ pixmap->pixmap = gdk_pixmap_create_from_xpm_d(handle->window, &pixmap->bitmap, &_colors[DW_CLR_PALEGRAY], data); #endif /* remove our temporary file */ - unlink (file ); + unlink(template); pixmap->handle = handle; DW_MUTEX_UNLOCK; return pixmap; diff -r 319eeecb411e -r ae6626a4331f gtk3/dw.c --- a/gtk3/dw.c Tue Oct 27 00:15:46 2020 +0000 +++ b/gtk3/dw.c Tue Oct 27 00:52:13 2020 +0000 @@ -4554,14 +4554,15 @@ * of the data to the file */ char template[] = "/tmp/dwpixmapXXXXXX"; - int fd = mkstemp(template); - - if(fd) - { - write(fd, data, len); + int written = -1, fd = mkstemp(template); + + if(fd != -1) + { + written = write(fd, data, len); close(fd); } - else + /* Bail if we couldn't write full file */ + if(fd == -1 || written != len) { DW_MUTEX_UNLOCK; return; @@ -6026,7 +6027,7 @@ */ HICN API dw_icon_load_from_data(const char *data, int len) { - int fd, _locked_by_me = FALSE; + int fd, written = -1, _locked_by_me = FALSE; char template[] = "/tmp/dwiconXXXXXX"; HICN ret = 0; @@ -6034,12 +6035,13 @@ * A real hack; create a temporary file and write the contents * of the data to the file */ - if((fd = mkstemp(template))) - { - write(fd, data, len); + if((fd = mkstemp(template)) != -1) + { + written = write(fd, data, len); close(fd); } - else + /* Bail if we couldn't write full file */ + if(fd == -1 || written != len) return 0; DW_MUTEX_LOCK; ret = _icon_resize(gdk_pixbuf_new_from_file(template, NULL)); @@ -7837,7 +7839,7 @@ */ HPIXMAP dw_pixmap_new_from_data(HWND handle, const char *data, int len) { - int fd, _locked_by_me = FALSE; + int fd, written = -1, _locked_by_me = FALSE; HPIXMAP pixmap; char template[] = "/tmp/dwpixmapXXXXXX"; @@ -7849,12 +7851,13 @@ * A real hack; create a temporary file and write the contents * of the data to the file */ - if((fd = mkstemp(template))) - { - write(fd, data, len); + if((fd = mkstemp(template)) != -1) + { + written = write(fd, data, len); close(fd); } - else + /* Bail if we couldn't write full file */ + if(fd == -1 || written != len) { DW_MUTEX_UNLOCK; return 0;