Jörg Höhle : kernel32: Avoid unprotected sprintf on registry/user-supplied format string.

Wed Jul 1 09:28:10 CDT 2009

Module: wine
Branch: master
Commit: c3b80267894059fec3f703d20efb61c5bc6ae58c
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=c3b80267894059fec3f703d20efb61c5bc6ae58c

Author: Jörg Höhle <hoehle at users.sourceforge.net>
Date:   Wed Jul  1 09:53:15 2009 +0200

kernel32: Avoid unprotected sprintf on registry/user-supplied format string.

---

 dlls/kernel32/except.c |    9 +++++----
 1 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/dlls/kernel32/except.c b/dlls/kernel32/except.c
index 53a4515..ca39ec6 100644
--- a/dlls/kernel32/except.c
+++ b/dlls/kernel32/except.c
@@ -265,15 +265,16 @@ static BOOL	start_debugger(PEXCEPTION_POINTERS epointers, HANDLE hEvent)
 
     if (format)
     {
-        cmdline = HeapAlloc(GetProcessHeap(), 0, strlen(format) + 2*20);
-        sprintf(cmdline, format, GetCurrentProcessId(), hEvent);
+        size_t format_size = strlen(format) + 2*20;
+        cmdline = HeapAlloc(GetProcessHeap(), 0, format_size);
+        snprintf(cmdline, format_size, format, (long)GetCurrentProcessId(), (long)HandleToLong(hEvent));
         HeapFree(GetProcessHeap(), 0, format);
     }
     else
     {
         cmdline = HeapAlloc(GetProcessHeap(), 0, 80);
-        sprintf(cmdline, "winedbg --auto %d %ld",
-                GetCurrentProcessId(), (ULONG_PTR)hEvent);
+        snprintf(cmdline, 80, "winedbg --auto %ld %ld", /* as in tools/wine.inf */
+                 (long)GetCurrentProcessId(), (long)HandleToLong(hEvent));
     }
 
     if (!bAuto)


