Juan Lang : shell32: Dynamically allocate buffer for quoted command.

[Alexandre Julliard]

Module: wine
Branch: master
Commit: b829f034f57ef757c5ddedb62d516eae49f05ac7
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=b829f034f57ef757c5ddedb62d516eae49f05ac7

Author: Juan Lang <juan.lang at gmail.com>
Date:   Fri Nov 16 12:40:25 2007 -0800

shell32: Dynamically allocate buffer for quoted command.

---

 dlls/shell32/shlexec.c |   13 ++++++++++++-
 1 files changed, 12 insertions(+), 1 deletions(-)

diff --git a/dlls/shell32/shlexec.c b/dlls/shell32/shlexec.c
index 5b1a625..2036a09 100644
--- a/dlls/shell32/shlexec.c
+++ b/dlls/shell32/shlexec.c
@@ -1371,7 +1371,17 @@ static UINT_PTR SHELL_quote_and_execute( LPCWSTR wcmd, LPCWSTR wszParameters, LP
     static const WCHAR wQuote[] = {'"',0};
     static const WCHAR wSpace[] = {' ',0};
     UINT_PTR retval;
-    WCHAR wszQuotedCmd[MAX_PATH+2];
+    DWORD len;
+    WCHAR *wszQuotedCmd;
+
+    /* Length of quotes plus length of command plus NULL terminator */
+    len = 2 + lstrlenW(wcmd) + 1;
+    if (wszParameters[0])
+    {
+        /* Length of space plus length of parameters */
+        len += 1 + lstrlenW(wszParameters);
+    }
+    wszQuotedCmd = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
     /* Must quote to handle case where cmd contains spaces,
      * else security hole if malicious user creates executable file "C:\\Program"
      */
@@ -1387,6 +1397,7 @@ static UINT_PTR SHELL_quote_and_execute( LPCWSTR wcmd, LPCWSTR wszParameters, LP
         retval = execute_from_key(lpstrProtocol, wszApplicationName, env, psei->lpParameters, wcmd, execfunc, psei, psei_out);
     else
         retval = execfunc(wszQuotedCmd, env, FALSE, psei, psei_out);
+    HeapFree(GetProcessHeap(), 0, wszQuotedCmd);
     return retval;
 }