Alexandre Julliard : comdlg32: Fixed a number of buffer overflows in the file dialog.
Alexandre Julliard
julliard at winehq.org
Tue Mar 25 14:19:51 CDT 2008
Module: wine
Branch: master
Commit: 1e9acad3a07cd5e631829dd1ee7cee14b41884d5
URL: http://source.winehq.org/git/wine.git/?a=commit;h=1e9acad3a07cd5e631829dd1ee7cee14b41884d5
Author: Alexandre Julliard <julliard at winehq.org>
Date: Tue Mar 25 17:34:32 2008 +0100
comdlg32: Fixed a number of buffer overflows in the file dialog.
---
dlls/comdlg32/filedlg.c | 25 +++++++++++--------------
1 files changed, 11 insertions(+), 14 deletions(-)
diff --git a/dlls/comdlg32/filedlg.c b/dlls/comdlg32/filedlg.c
index 13b4c79..3e662ec 100644
--- a/dlls/comdlg32/filedlg.c
+++ b/dlls/comdlg32/filedlg.c
@@ -889,7 +889,7 @@ static INT_PTR FILEDLG95_Handle_GetFilePath(HWND hwnd, DWORD size, LPVOID buffer
{
/* 'n' includes trailing \0 */
bufW[n-1] = '\\';
- memcpy( &bufW[n], lpstrFileList, (size-n)*sizeof(WCHAR) );
+ lstrcpynW( &bufW[n], lpstrFileList, size - n );
}
TRACE("returned -> %s\n",debugstr_wn(bufW, total));
}
@@ -931,16 +931,15 @@ static INT_PTR FILEDLG95_Handle_GetFileSpec(HWND hwnd, DWORD size, LPVOID buffer
FILEDLG95_FILENAME_GetFileNames(hwnd, &lpstrFileList, &sizeUsed, ' ');
if( fodInfos->unicode )
{
- LPWSTR bufW = buffer;
- memcpy( bufW, lpstrFileList, sizeof(WCHAR)*sizeUsed );
+ lstrcpynW( buffer, lpstrFileList, size );
}
else
{
LPSTR bufA = buffer;
- sizeUsed = WideCharToMultiByte( CP_ACP, 0, lpstrFileList, sizeUsed,
- NULL, 0, NULL, NULL);
- WideCharToMultiByte(CP_ACP, 0, lpstrFileList, sizeUsed,
- bufA, size, NULL, NULL);
+ DWORD sizeA = WideCharToMultiByte( CP_ACP, 0, lpstrFileList, sizeUsed, NULL, 0, NULL, NULL);
+ WideCharToMultiByte(CP_ACP, 0, lpstrFileList, sizeUsed, bufA, size, NULL, NULL);
+ if (size && size < sizeA) bufA[size - 1] = 0;
+ sizeUsed = sizeA;
}
MemFree(lpstrFileList);
@@ -3237,29 +3236,27 @@ static int FILEDLG95_FILENAME_GetFileNames (HWND hwnd, LPWSTR * lpstrFileList, U
while ((lpstrEdit[nStrCharCount]!='"') && (nStrCharCount <= nStrLen))
{
(*lpstrFileList)[nFileIndex++] = lpstrEdit[nStrCharCount];
- (*sizeUsed)++;
nStrCharCount++;
}
(*lpstrFileList)[nFileIndex++] = separator;
- (*sizeUsed)++;
nFileCount++;
}
nStrCharCount++;
}
/* single, unquoted string */
- if ((nStrLen > 0) && (*sizeUsed == 0) )
+ if ((nStrLen > 0) && (nFileIndex == 0) )
{
lstrcpyW(*lpstrFileList, lpstrEdit);
nFileIndex = lstrlenW(lpstrEdit) + 1;
- (*sizeUsed) = nFileIndex;
nFileCount = 1;
}
- /* trailing \0 */
- (*lpstrFileList)[nFileIndex] = '\0';
- (*sizeUsed)++;
+ /* trailing \0 */
+ if (nFileIndex && separator) nFileIndex--; /* remove trailing separator */
+ (*lpstrFileList)[nFileIndex++] = '\0';
+ *sizeUsed = nFileIndex;
MemFree(lpstrEdit);
return nFileCount;
}
More information about the wine-cvs
mailing list