Fix a crash if `-D' is used without `-t title'

dialog(3)'s dlg_reallocate_gauge(), used both by dialog(3)'s dialog_gauge() and dialog(1)'s `--gauge', will segmentation fault in strlen(3) if no title is set for the widget. Reproducible with `dialog --gauge hi 6 20' (adding `--title ""' is enough to prevent segmentation fault). MFC after: 3 days X-MFC-to: stable/10
author: dteske <dteske@FreeBSD.org> 2016-01-27 06:21:35 +0000
committer: dteske <dteske@FreeBSD.org> 2016-01-27 06:21:35 +0000
commit: 9e39febd77269eef9d0d16682859af23e9cc83ac (patch)
tree: aef9d0ceec08c870165bbe1f1c291bb260d97d6a /lib
parent: 1f1c0f4112dbf60fee7e350dd01863d75a57446e (diff)
download: FreeBSD-src-9e39febd77269eef9d0d16682859af23e9cc83ac.zip
FreeBSD-src-9e39febd77269eef9d0d16682859af23e9cc83ac.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/lib/libdpv/dialog_util.c b/lib/libdpv/dialog_util.c
index d047a25..267d7a5 100644
--- a/lib/libdpv/dialog_util.c
+++ b/lib/libdpv/dialog_util.c
@@ -261,6 +261,13 @@ dialog_spawn_gauge(char *init_prompt, pid_t *pid)
 			errx(EXIT_FAILURE, "Out of memory?!");
 		sprintf(dargv[n++], "--title");
 		dargv[n++] = title;
+	} else {
+		if ((dargv[n] = malloc(8)) == NULL)
+			errx(EXIT_FAILURE, "Out of memory?!");
+		sprintf(dargv[n++], "--title");
+		if ((dargv[n] = malloc(8)) == NULL)
+			errx(EXIT_FAILURE, "Out of memory?!");
+		sprintf(dargv[n++], "");
 	}
 	if (backtitle != NULL) {
 		if ((dargv[n] = malloc(12)) == NULL)
author	dteske <dteske@FreeBSD.org>	2016-01-27 06:21:35 +0000
committer	dteske <dteske@FreeBSD.org>	2016-01-27 06:21:35 +0000
commit	9e39febd77269eef9d0d16682859af23e9cc83ac (patch)
tree	aef9d0ceec08c870165bbe1f1c291bb260d97d6a /lib
parent	1f1c0f4112dbf60fee7e350dd01863d75a57446e (diff)
download	FreeBSD-src-9e39febd77269eef9d0d16682859af23e9cc83ac.zip FreeBSD-src-9e39febd77269eef9d0d16682859af23e9cc83ac.tar.gz