Alexander Nicolaysen Sørnes : wordpad: Fix potential buffer overflow.
Alexandre Julliard
julliard at wine.codeweavers.com
Wed Jun 6 07:41:57 CDT 2007
Module: wine
Branch: master
Commit: ad57c70a6cc37bfa05630a6e76509a26fe658ee9
URL: http://source.winehq.org/git/wine.git/?a=commit;h=ad57c70a6cc37bfa05630a6e76509a26fe658ee9
Author: Alexander Nicolaysen Sørnes <alex at thehandofagony.com>
Date: Tue Jun 5 23:08:29 2007 +0200
wordpad: Fix potential buffer overflow.
---
programs/wordpad/wordpad.c | 23 ++++++++++++++++++-----
1 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/programs/wordpad/wordpad.c b/programs/wordpad/wordpad.c
index 5a9f7fd..6efc15d 100644
--- a/programs/wordpad/wordpad.c
+++ b/programs/wordpad/wordpad.c
@@ -133,15 +133,28 @@ static WCHAR wszFileName[MAX_PATH];
static void set_caption(LPCWSTR wszNewFileName)
{
- static const WCHAR wszSeparator[] = {' ','-',' ','\0'};
- WCHAR wszCaption[MAX_PATH];
+ static const WCHAR wszSeparator[] = {' ','-',' '};
if(wszNewFileName)
{
- lstrcpyW(wszCaption, wszNewFileName);
- lstrcatW(wszCaption, wszSeparator);
- lstrcatW(wszCaption, wszAppTitle);
+ WCHAR *wszCaption;
+ SIZE_T length = 0;
+
+ wszCaption = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,
+ lstrlenW(wszNewFileName)*sizeof(WCHAR)+sizeof(wszSeparator)+sizeof(wszAppTitle));
+
+ if(!wszCaption)
+ return;
+
+ memcpy(wszCaption, wszNewFileName, lstrlenW(wszNewFileName)*sizeof(WCHAR));
+ length += lstrlenW(wszNewFileName);
+ memcpy(wszCaption + length, wszSeparator, sizeof(wszSeparator));
+ length += sizeof(wszSeparator) / sizeof(WCHAR);
+ memcpy(wszCaption + length, wszAppTitle, sizeof(wszAppTitle));
+
SetWindowTextW(hMainWnd, wszCaption);
+
+ HeapFree(GetProcessHeap(), 0, wszCaption);
} else
{
SetWindowTextW(hMainWnd, wszAppTitle);
More information about the wine-cvs
mailing list