gui/SOURCES/xscreensaver-6.00-0007-fontglide.c-drain_input-terminate-with-null-explicit.patch

From 3837ddc61ca11a811444e32bb8b248947d83807f Mon Sep 17 00:00:00 2001
From: Mamoru TASAKA <mtasaka@fedoraproject.org>
Date: Wed, 5 May 2021 23:23:48 +0900
Subject: [PATCH] fontglide.c: drain_input: terminate with null explicitly

Currently, when launching fontglide for some long time, fontglide comes to
no longer show any characters.

get_word_text() logic apparently expects that s->buf (where s is state *)
ends with null character.
struct state is initialized with calloc(), so at the first s->buf is initialized
with all zero, so at the first s->buf is terminated with null character.
However sometimes s->buf is memmove()ed in get_word_text(), and the next time
get_word_text() fills s->buf and s->buf_tail is increased.
At the time, s->buf[s->buf_tail] can be non-null character.

After all, sometimes at the end of get_word_text(), s->buf_tail can be negative
(i.e. "start" and "end" in get_word_text() point to some unexpected positions).
When that happens, in drain_input(), the condition
"s->buf_tail < sizeof(s->buf) - 2" gets "false", because "sizeof" returns
"size_t", which is unsigned, so s->buf_tail gets very large integer.
So the contents of s->buf will no longer be updated.
As the result, fontglide will no longer show any characters on the screen.

To avoid the above bug, explicitly make s->buf terminate with null on
drain_input.
---
 hacks/fontglide.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hacks/fontglide.c b/hacks/fontglide.c
index be1ac63..b99b1d1 100644
--- a/hacks/fontglide.c
+++ b/hacks/fontglide.c
@@ -698,6 +698,7 @@ get_word_text (state *s)
       int n = end - s->buf;
       memmove (s->buf, end, sizeof(s->buf) - n);
       s->buf_tail -= n;
+      if (s->buf_tail < 0) abort();
     }
 
   return result;
@@ -2283,6 +2284,7 @@ drain_input (state *s)
       else
         break;
     }
+  s->buf[s->buf_tail] = 0;
 }
 
 
-- 
2.31.1