--- Mowitz/MwFilesel.c.ori 2007-08-28 21:59:40.000000000 +0200 +++ Mowitz/MwFilesel.c 2007-08-28 22:10:06.000000000 +0200 @@ -367,16 +367,33 @@ static void fsel_done(Widget w, XtPointer client_data, XtPointer call_data) { - char path[1024], newpath[1024]; + char path[PATH_MAX], newpath[PATH_MAX]; struct stat buf; String string; + int failed = 0; XtVaGetValues(fsel_filetext, XtNstring, &string, (char *)0); - if (string[0] == '/') strcpy(path, string); - else sprintf(path, "%s/%s", MwLabelGet(fsel_dirbutton), string); - realpath(path, newpath); - if (!stat(newpath, &buf) && - (S_IFDIR & buf.st_mode)) { + + if (string[0] == '/') { + if (strlen(string) >= PATH_MAX) { + fprintf(stderr, "Filename too long %s\n", string); + failed = 1; + } else { + strcpy(path, string); + } + } else { + if (snprintf(path, PATH_MAX, "%s/%s", MwLabelGet(fsel_dirbutton), string) >= PATH_MAX) { + fprintf(stderr, "Path too long %s/%s\n", MwLabelGet(fsel_dirbutton), string); + failed = 1; + } + } + if(!failed && !realpath(path, newpath)) { + newpath[0] = '\0'; + fprintf(stderr, "Couldn't realpath %s\n", path); + failed = 1; + } + if (failed || + (!stat(newpath, &buf) && (S_IFDIR & buf.st_mode))) { MwLabelSet(fsel_dirbutton, newpath); XtVaSetValues(fsel_filetext, XtNstring, "", (char *)0);