From fe33acc7162d7f1cf7bf86f1d7cb31aa22f5d58e Mon Sep 17 00:00:00 2001 From: Bill Kendrick Date: Sat, 3 Jun 2023 14:10:13 -0700 Subject: [PATCH] Don't crash on un-wordexp()'able arguments! We run shell expansion on configuration arguments, e.g. `printcommand`, but it would crash if the config file's input was not quoted, e.g. printcommand=pstopdf - - > $HOME/print.pdf Now echo'ing an error to stderr and moving on. Be sure to quote, e.g. printcommand="pstopdf - - > $HOME/print.pdf" --- docs/CHANGES.txt | 6 ++++++ src/tuxpaint.c | 17 ++++++++++++++--- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/docs/CHANGES.txt b/docs/CHANGES.txt index 33214aafe..55d4b4d32 100644 --- a/docs/CHANGES.txt +++ b/docs/CHANGES.txt @@ -94,6 +94,12 @@ https://tuxpaint.org/ data beyond the end of the data (copied from the original PNG). Bill Kendrick + * Shell expansion (via wordexp()) of configuration options containing + spaces (e.g., `printcommand=ps2pdf - - > $HOME/print.pdf`) would + fail & cause a crash. It now shows an error and recommends adding + quotes. (e.g., `printcommand="ps2pdf - - > $HOME/print.pdf"`) + Bill Kendrick + * Localization Updates: --------------------- * Russian translaton diff --git a/src/tuxpaint.c b/src/tuxpaint.c index 17fe69738..90106b8f0 100644 --- a/src/tuxpaint.c +++ b/src/tuxpaint.c @@ -22,7 +22,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA (See COPYING.txt) - June 14, 2002 - June 1, 2023 + June 14, 2002 - June 3, 2023 */ #include "platform.h" @@ -19648,6 +19648,8 @@ void do_print(void) else pcmd = printcommand; + DEBUG_PRINTF("printcmd: %s\n", printcommand); + pi = popen(pcmd, "w"); if (pi == NULL) @@ -27752,8 +27754,17 @@ static void parse_file_options(struct cfginfo *restrict tmpcfg, const char *file wordexp_t result; wordexp(arg, &result, 0); - arg = strdup(result.we_wordv[0]); - wordfree(&result); + if (result.we_wordv != NULL) + { + DEBUG_PRINTF("wordexp result.we_wordv of `%s` was `%s`\n", str, result.we_wordv[0]); + arg = strdup(result.we_wordv[0]); + wordfree(&result); + } + else + { + fprintf(stderr, "Shell expansion of `%s` failed! (You probably need to wrap it in quotes (\")!)\n", str); + continue; + } #endif #endif