Jörg Höhle : kernel32: Avoid unprotected sprintf on registry/user-supplied format string.
Alexandre Julliard
julliard at winehq.org
Wed Jul 1 09:28:10 CDT 2009
Module: wine
Branch: master
Commit: c3b80267894059fec3f703d20efb61c5bc6ae58c
URL: http://source.winehq.org/git/wine.git/?a=commit;h=c3b80267894059fec3f703d20efb61c5bc6ae58c
Author: Jörg Höhle <hoehle at users.sourceforge.net>
Date: Wed Jul 1 09:53:15 2009 +0200
kernel32: Avoid unprotected sprintf on registry/user-supplied format string.
---
dlls/kernel32/except.c | 9 +++++----
1 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/dlls/kernel32/except.c b/dlls/kernel32/except.c
index 53a4515..ca39ec6 100644
--- a/dlls/kernel32/except.c
+++ b/dlls/kernel32/except.c
@@ -265,15 +265,16 @@ static BOOL start_debugger(PEXCEPTION_POINTERS epointers, HANDLE hEvent)
if (format)
{
- cmdline = HeapAlloc(GetProcessHeap(), 0, strlen(format) + 2*20);
- sprintf(cmdline, format, GetCurrentProcessId(), hEvent);
+ size_t format_size = strlen(format) + 2*20;
+ cmdline = HeapAlloc(GetProcessHeap(), 0, format_size);
+ snprintf(cmdline, format_size, format, (long)GetCurrentProcessId(), (long)HandleToLong(hEvent));
HeapFree(GetProcessHeap(), 0, format);
}
else
{
cmdline = HeapAlloc(GetProcessHeap(), 0, 80);
- sprintf(cmdline, "winedbg --auto %d %ld",
- GetCurrentProcessId(), (ULONG_PTR)hEvent);
+ snprintf(cmdline, 80, "winedbg --auto %ld %ld", /* as in tools/wine.inf */
+ (long)GetCurrentProcessId(), (long)HandleToLong(hEvent));
}
if (!bAuto)
More information about the wine-cvs
mailing list