From e430ee9467f48c550456f67d13ac9aa427f10486 Mon Sep 17 00:00:00 2001
From: "Carsten Haitzler (Rasterman)" <raster@rasterman.com>
Date: Wed, 13 Aug 2014 18:10:58 +0900
Subject: [PATCH] ecore x vsync - be more conservative about DISPLAY string src

i hope this addresses CID 1229131 - don't trust the DISPLAY var
content much at all - limit it to [a-z][A-Z][0-9][-] only. hopefully
coverity is happier.
---
 src/lib/ecore_x/ecore_x_vsync_tool.c | 4 +++-
 src/lib/ecore_x/xlib/ecore_x_vsync.c | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/lib/ecore_x/ecore_x_vsync_tool.c b/src/lib/ecore_x/ecore_x_vsync_tool.c
index c6fa82e0de..c99469ad2d 100644
--- a/src/lib/ecore_x/ecore_x_vsync_tool.c
+++ b/src/lib/ecore_x/ecore_x_vsync_tool.c
@@ -239,7 +239,9 @@ _svr_init(void)
    snprintf(buf, sizeof(buf), "ecore-x-vsync-%s", disp);
    for (s = buf; *s; s++)
      {
-        if (*s == ':') *s = '=';
+        if (!(((*s >= 'a') && (*s <= 'z')) ||
+              ((*s >= 'A') && (*s <= 'Z')) ||
+              ((*s >= '0') && (*s <= '9')))) *s = '-';
      }
    svr = ecore_con_server_add(ECORE_CON_LOCAL_USER, buf, 1, NULL);
    if (!svr) exit(0);
diff --git a/src/lib/ecore_x/xlib/ecore_x_vsync.c b/src/lib/ecore_x/xlib/ecore_x_vsync.c
index ac8f7b65a9..ec41d0d9d4 100644
--- a/src/lib/ecore_x/xlib/ecore_x_vsync.c
+++ b/src/lib/ecore_x/xlib/ecore_x_vsync.c
@@ -497,7 +497,9 @@ _glvsync_animator_tick_source_set(void)
         snprintf(buf, sizeof(buf), "ecore-x-vsync-%s", disp);
         for (s = buf; *s; s++)
           {
-             if (*s == ':') *s = '=';
+             if (!(((*s >= 'a') && (*s <= 'z')) ||
+                   ((*s >= 'A') && (*s <= 'Z')) ||
+                   ((*s >= '0') && (*s <= '9')))) *s = '-';
           }
         vsync_server = ecore_con_server_connect(ECORE_CON_LOCAL_USER, buf, 1, NULL);
         if (!vsync_server)