Alexander Nicolaysen Sørnes : wordpad: Fix potential buffer overflow.

Alexandre Julliard julliard at wine.codeweavers.com
Wed Jun 6 07:41:57 CDT 2007


Module: wine
Branch: master
Commit: ad57c70a6cc37bfa05630a6e76509a26fe658ee9
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=ad57c70a6cc37bfa05630a6e76509a26fe658ee9

Author: Alexander Nicolaysen Sørnes <alex at thehandofagony.com>
Date:   Tue Jun  5 23:08:29 2007 +0200

wordpad: Fix potential buffer overflow.

---

 programs/wordpad/wordpad.c |   23 ++++++++++++++++++-----
 1 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/programs/wordpad/wordpad.c b/programs/wordpad/wordpad.c
index 5a9f7fd..6efc15d 100644
--- a/programs/wordpad/wordpad.c
+++ b/programs/wordpad/wordpad.c
@@ -133,15 +133,28 @@ static WCHAR wszFileName[MAX_PATH];
 
 static void set_caption(LPCWSTR wszNewFileName)
 {
-    static const WCHAR wszSeparator[] = {' ','-',' ','\0'};
-    WCHAR wszCaption[MAX_PATH];
+    static const WCHAR wszSeparator[] = {' ','-',' '};
 
     if(wszNewFileName)
     {
-        lstrcpyW(wszCaption, wszNewFileName);
-        lstrcatW(wszCaption, wszSeparator);
-        lstrcatW(wszCaption, wszAppTitle);
+        WCHAR *wszCaption;
+        SIZE_T length = 0;
+
+        wszCaption = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,
+                    lstrlenW(wszNewFileName)*sizeof(WCHAR)+sizeof(wszSeparator)+sizeof(wszAppTitle));
+
+        if(!wszCaption)
+            return;
+
+        memcpy(wszCaption, wszNewFileName, lstrlenW(wszNewFileName)*sizeof(WCHAR));
+        length += lstrlenW(wszNewFileName);
+        memcpy(wszCaption + length, wszSeparator, sizeof(wszSeparator));
+        length += sizeof(wszSeparator) / sizeof(WCHAR);
+        memcpy(wszCaption + length, wszAppTitle, sizeof(wszAppTitle));
+
         SetWindowTextW(hMainWnd, wszCaption);
+
+        HeapFree(GetProcessHeap(), 0, wszCaption);
     } else
     {
         SetWindowTextW(hMainWnd, wszAppTitle);




More information about the wine-cvs mailing list