Comment 8 for bug 700742

The maximum string length accounting of this portion of the patch looks wrong.

+ const char *keyval_name = gdk_keyval_name(keyval);
+ strncat (accel, keyval_name, strlen(keyval_name));
+ accel_n -= strlen (keyval_name);

from the strncat manpage:
       If src contains n or more characters, strncat() writes n+1 characters to dest (n from src plus the termi‐
       nating null byte). Therefore, the size of dest must be at least strlen(dest)+n+1.

"accel_n" is meant to count how much room is left in the string, and should be passed to strncat as the third argument to ensure it doesn't walk off the end. This (existing) code is not very nice, to put it mildly.

I think you need to:
- strncat (accel, keyval_name, strlen(keyval_name));
+ strncat (accel, keyval_name, accel_n);

On the plus side, it is in the GTK HID, so we have access to some much more friendly string manipulation functions.
If you fancied doing so, you could (not suggesting should.. we can apply the current patch once fixed up), consider re-writing this function using g_ string handlign functions such as g_strconcat () ?

See: http://library.gnome.org/devel/glib/unstable/glib-String-Utility-Functions.html

(Be sure to remember you need to g_free() the resulting memory, not free()