user: avoid buffer overflow in sysparams.c

Rein Klazes wijn at wanadoo.nl
Mon Jan 16 05:17:59 CST 2006 

Hi,

Proposed fix for bug #4315.

Maximum 32 bit integer is 10 decimal digits.  Add a sign (if signed )
and null character and it needs a buffer size of 12. Use this size all
over sysparams.c.

Changelog:
dlls/user		: sysparams.c
Increase buffer size to 12 for getting and setting integer parameters
from/to the registry.

Rein. 
-------------- next part --------------
--- wine/dlls/user/sysparams.c	2005-12-17 09:44:49.000000000 +0100
+++ mywine/dlls/user/sysparams.c	2006-01-16 12:01:42.000000000 +0100
@@ -748,7 +748,7 @@ static BOOL get_uint_param( unsigned int
     if (!ret_ptr) return FALSE;
     if (!spi_loaded[idx])
     {
-        WCHAR buf[10];
+        WCHAR buf[12];
 
         if (SYSPARAMS_Load( regkey, value, buf, sizeof(buf) )) *value_ptr = atoiW( buf );
         spi_loaded[idx] = TRUE;
@@ -764,7 +764,7 @@ static BOOL get_twips_param( unsigned in
     if (!ret_ptr) return FALSE;
     if (!spi_loaded[idx])
     {
-        WCHAR buf[10];
+        WCHAR buf[12];
 
         if (SYSPARAMS_Load( regkey, value, buf, sizeof(buf) ))
             *value_ptr = SYSPARAMS_Twips2Pixels( atoiW(buf) );
@@ -785,7 +785,7 @@ static inline BOOL get_bool_param( unsig
 static BOOL set_uint_param_mirrored( unsigned int idx, LPCWSTR regkey, LPCWSTR regkey_mirror,
                                      LPCWSTR value, UINT *value_ptr, UINT new_val, UINT fWinIni )
 {
-    WCHAR buf[10];
+    WCHAR buf[12];
 
     wsprintfW(buf, CSu, new_val);
     if (!SYSPARAMS_Save( regkey, value, buf, fWinIni )) return FALSE;
@@ -799,7 +799,7 @@ static BOOL set_uint_param_mirrored( uns
 static BOOL save_int_param( LPCWSTR regkey, LPCWSTR value, INT *value_ptr,
                             INT new_val, UINT fWinIni )
 {
-    WCHAR buf[10];
+    WCHAR buf[12];
 
     wsprintfW(buf, CSd, new_val);
     if (!SYSPARAMS_Save( regkey, value, buf, fWinIni )) return FALSE;
@@ -1172,7 +1172,7 @@ BOOL WINAPI SystemParametersInfoW( UINT 
         spi_idx = SPI_SETMOUSE_IDX;
         if (!spi_loaded[spi_idx])
         {
-            WCHAR buf[10];
+            WCHAR buf[12];
 
             if (SYSPARAMS_Load( SPI_SETMOUSE_REGKEY, SPI_SETMOUSE_VALNAME1,
                                 buf, sizeof(buf) ))
@@ -1278,7 +1278,7 @@ BOOL WINAPI SystemParametersInfoW( UINT 
 
     case SPI_SETSCREENSAVEACTIVE:               /*     17 */
     {
-        WCHAR buf[5];
+        WCHAR buf[12];
 
         wsprintfW(buf, CSu, uiParam);
         USER_Driver->pSetScreenSaveActive( uiParam );

More information about the wine-patches mailing list