comctl32: tooltips: avoid buffer overrun (spotted by
[email protected], bug #8361),
make sure some strings are NUL-terminated
Alexandre Julliard
julliard at winehq.org
Thu Jul 19 06:01:00 CDT 2007
Mikołaj Zalewski <mikolaj at zalewski.pl> writes:
> @@ -389,10 +390,10 @@ static void TOOLTIPS_GetDispInfoW(HWND hwnd, TOOLTIPS_INFO *infoPtr, TTTOOL_INFO
> sizeof(ttnmdi.szText)/sizeof(ttnmdi.szText[0]) : INFOTIPSIZE-1;
> lstrcpynW(infoPtr->szTipText, ttnmdi.lpszText, max_len);
> if (ttnmdi.uFlags & TTF_DI_SETITEM) {
> - INT len = max(strlenW(ttnmdi.lpszText), max_len);
> + INT len = min(strlenW(ttnmdi.lpszText), max_len);
It the text is really allowed to not be null-terminated then calling
strlenW on it is wrong in any case. It does seem surprising though,
are you sure we really need to support this?
--
Alexandre Julliard
julliard at winehq.org
More information about the wine-devel
mailing list