Fixes valgrind-found bug of the `for (walk = buf, ...` loop
reading all of `buf` even though `buf` is null-terminated string
(an only partly initialised char array).
valgrind ./i3status -c ../etc/i3status.conf --run-once
Conditional jump or move depends on uninitialised value(s)
at 0x40F15A: slurp_battery_info (print_battery_info.c:164)
by 0x40FA07: slurp_all_batteries (print_battery_info.c:558)
by 0x40FCA6: print_battery_info (print_battery_info.c:612)
by 0x409CA2: main (i3status.c:753)
* maybe_escape_markup: Make function memory-safe
This fixes#492 and an additional buffer overflow that can happen when
pango markup is enabled.
Using config
```
general {
output_format = "none"
markup = "pango"
}
order += "wireless _first_"
wireless _first_ {
format_up = "W: (%quality at %essid, %bitrate) %ip"
}
```
and renaming my phone's hotspot to `Hello world &<<<<<<hello world>>`
i3status will throw an AddressSanitizer error:
```
==1373240==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7411d720923e at pc 0x7411daa7cee9 bp 0x7ffdae6ce070 sp 0x7ffdae6cd800
WRITE of size 5 at 0x7411d720923e thread T0
#0 0x7411daa7cee8 in __interceptor_vsprintf /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1765
#1 0x7411daa7d0ff in __interceptor_sprintf /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1808
#2 0x653b2764cdaf in maybe_escape_markup ../src/output.c:102
#3 0x653b27677df9 in print_wireless_info ../src/print_wireless_info.c:607
#4 0x653b27640bf1 in main ../i3status.c:709
#5 0x7411da641ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: 6542915cee3354fbcf2b3ac5542201faec43b5c9)
#6 0x7411da641d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: 6542915cee3354fbcf2b3ac5542201faec43b5c9)
#7 0x653b27633f24 in _start (/tmp/xx/i3status/build/i3status+0x4ff24) (BuildId: c737ce6288265fa02a7617c66f51ddd16b5a8275)
Address 0x7411d720923e is located in stack of thread T0 at offset 574 in frame
#0 0x653b276750ed in print_wireless_info ../src/print_wireless_info.c:513
This frame has 10 object(s):
[48, 56) 'tmp' (line 604)
[80, 168) 'info' (line 516)
[208, 320) 'placeholders' (line 623)
[352, 382) 'string_quality' (line 569)
[416, 446) 'string_signal' (line 570)
[480, 510) 'string_noise' (line 571)
[544, 574) 'string_essid' (line 572) <== Memory access at offset 574 overflows this variable
[608, 638) 'string_frequency' (line 573)
[672, 702) 'string_ip' (line 574)
[736, 766) 'string_bitrate' (line 575)
```
With pango disabled, the error is thrown elsewhere (#492):
```
==1366779==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7bab43a0923e at pc 0x7bab4727cee9 bp 0x7ffc289d2540 sp 0x7ffc289d1cd0
WRITE of size 33 at 0x7bab43a0923e thread T0
#0 0x7bab4727cee8 in __interceptor_vsprintf /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1765
#1 0x7bab4727d0ff in __interceptor_sprintf /usr/src/debug/gcc/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1808
#2 0x5dd180858aa4 in maybe_escape_markup ../src/output.c:93
#3 0x5dd180883df9 in print_wireless_info ../src/print_wireless_info.c:607
#4 0x5dd18084cbf1 in main ../i3status.c:709
#5 0x7bab46843ccf (/usr/lib/libc.so.6+0x25ccf) (BuildId: 6542915cee3354fbcf2b3ac5542201faec43b5c9)
#6 0x7bab46843d89 in __libc_start_main (/usr/lib/libc.so.6+0x25d89) (BuildId: 6542915cee3354fbcf2b3ac5542201faec43b5c9)
#7 0x5dd18083ff24 in _start (/tmp/xx/i3status/build/i3status+0x4ff24) (BuildId: c737ce6288265fa02a7617c66f51ddd16b5a8275)
Address 0x7bab43a0923e is located in stack of thread T0 at offset 574 in frame
#0 0x5dd1808810ed in print_wireless_info ../src/print_wireless_info.c:513
This frame has 10 object(s):
[48, 56) 'tmp' (line 604)
[80, 168) 'info' (line 516)
[208, 320) 'placeholders' (line 623)
[352, 382) 'string_quality' (line 569)
[416, 446) 'string_signal' (line 570)
[480, 510) 'string_noise' (line 571)
[544, 574) 'string_essid' (line 572) <== Memory access at offset 574 overflows this variable
[608, 638) 'string_frequency' (line 573)
[672, 702) 'string_ip' (line 574)
[736, 766) 'string_bitrate' (line 575)
```
With the patch output is correct:
```
W: ( 72% at Hello world &<<<<<<hello world>>, 1,2009 Gb/s) 192.168.26.237
```
and
```
W: ( 73% at Hello world &<<<<<<hello world>>, 1,1342 Gb/s) 192.168.26.237
```
The patch changes the maybe_escape_markup function to use dynamic
allocation instead of a static buffer. Confusing pointer arithmetic is
replaced with index-based memory access. The `buffer` pointer does not
move around except for `realloc`ations.
Fixes#492Closes#525 (alternative PR)
* Revert to snprintf
On some systems, a battery's charging regulator may not charge a battery
even though it is not full. This might be the case because it was
configured to stop charging at a capacity threshold, or e.g. because
environmental conditions do not allow for charging the battery.
This commit adds this status (called 'idle') and adds support for
detecting the status on Linux.
* FreeBSD: catchup with the internal changes in code
* FreeBSD: use statvfs instead on statfs
Follow NetBSD here while here, catch up with code architecture changes