From 3ebe04ee8ea2e5362678a102f6b1a4b418613f20 Mon Sep 17 00:00:00 2001
From: tobias <tobias>
Date: Thu, 16 Apr 2020 17:12:49 +0000
Subject: Prevent out of boundary write with configuration files in which too
 many quoted arguments are stored for other window managers.

The quotation handling happens within the while loop without checking if
the "end" limit has been already reached. If this happens, the final
NULL assignment leads to an out of boundary write on stack.

OK okan@
---
 util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/util.c b/util.c
index 7c4bb5e..904a54c 100644
--- a/util.c
+++ b/util.c
@@ -53,7 +53,7 @@ u_exec(char *argstr)
 {
 #define MAXARGLEN 20
 	char	*args[MAXARGLEN], **ap = args;
-	char	**end = &args[MAXARGLEN - 1], *tmp;
+	char	**end = &args[MAXARGLEN - 2], *tmp;
 	char	*s = argstr;
 
 	while (ap < end && (*ap = strsep(&argstr, " \t")) != NULL) {
-- 
cgit 1.4.1