From 77e458048d43ff52c694cac633f46714e6aaa45c Mon Sep 17 00:00:00 2001
From: Philippe Pepiot
Date: Fri, 3 Dec 2010 11:06:33 +0100
Subject: [PATCH] Fix tag_new() tag name possible overflow + random memory access
---
 src/tag.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/tag.c b/src/tag.c
index be6ca1c..26df2a5 100644
--- a/src/tag.c
+++ b/src/tag.c
@@ -508,18 +508,20 @@ tag_new(int s, char *name)
 ++conf.ntag[s];
+ /* TODO: memleak here */
 if(!name || strlen(name) == 0)
 {
 if(conf.tagnamecount)
 {
- displayedName = zmalloc(2);
- sprintf(displayedName, "[%d]", conf.ntag[s]);
+ /* displayedName = zmalloc(2); */
+ xasprintf(&displayedName, "[%d]", conf.ntag[s]);
 }
 else
 displayedName = conf.default_tag.name;
 }
 else
- displayedName = name;
+ displayedName = xstrdup(name);
+
 Tag t = { displayedName, NULL, 0, 0, conf.default_tag.mwfact, conf.default_tag.nmaster,
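Review bot: After this change `displayedName` is heap-owned on two paths (`xasprintf`, `xstrdup`) but still aliases `conf.default_tag.name` on the third, so no caller can free a tag name safely: freeing it would release the configuration's own string in the default case, and never freeing it is presumably the leak the `/* TODO: memleak here */` comment refers to. Making the fallback `displayedName = xstrdup(conf.default_tag.name);` gives every branch the same ownership, so the tag teardown path can free the name unconditionally; where tags are destroyed is not visible in this hunk, so that free needs to be confirmed there. The commented-out `/* displayedName = zmalloc(2); */` should be deleted rather than kept, and the TODO would be more useful if it named what leaks, e.g. `/* TODO: displayedName is never freed when the tag is deleted */`. tag_new's body starts and ends outside the hunk.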