Jacek Caban : mshtml: Limit message length to 2000 in IHTMLWindow2::alert.

Alexandre Julliard julliard at winehq.org
Wed Apr 21 10:40:24 CDT 2010


Module: wine
Branch: master
Commit: 1997a3a20a6e1fb1f9a026af5b7236de8b4e8777
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=1997a3a20a6e1fb1f9a026af5b7236de8b4e8777

Author: Jacek Caban <jacek at codeweavers.com>
Date:   Wed Apr 21 14:01:22 2010 +0200

mshtml: Limit message length to 2000 in IHTMLWindow2::alert.

---

 dlls/mshtml/htmlwindow.c |   22 ++++++++++++++++++----
 1 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/dlls/mshtml/htmlwindow.c b/dlls/mshtml/htmlwindow.c
index 5dbea55..1701b53 100644
--- a/dlls/mshtml/htmlwindow.c
+++ b/dlls/mshtml/htmlwindow.c
@@ -511,20 +511,34 @@ static HRESULT WINAPI HTMLWindow2_clearTimeout(IHTMLWindow2 *iface, LONG timerID
     return clear_task_timer(&This->doc->basedoc, FALSE, timerID);
 }
 
+#define MAX_MESSAGE_LEN 2000
+
 static HRESULT WINAPI HTMLWindow2_alert(IHTMLWindow2 *iface, BSTR message)
 {
     HTMLWindow *This = HTMLWINDOW2_THIS(iface);
-    WCHAR wszTitle[100];
+    WCHAR title[100], *msg = message;
+    DWORD len;
 
     TRACE("(%p)->(%s)\n", This, debugstr_w(message));
 
-    if(!LoadStringW(get_shdoclc(), IDS_MESSAGE_BOX_TITLE, wszTitle,
-                    sizeof(wszTitle)/sizeof(WCHAR))) {
+    if(!LoadStringW(get_shdoclc(), IDS_MESSAGE_BOX_TITLE, title,
+                    sizeof(title)/sizeof(WCHAR))) {
         WARN("Could not load message box title: %d\n", GetLastError());
         return S_OK;
     }
 
-    MessageBoxW(This->doc_obj->hwnd, message, wszTitle, MB_ICONWARNING);
+    len = SysStringLen(message);
+    if(len > MAX_MESSAGE_LEN) {
+        msg = heap_alloc((MAX_MESSAGE_LEN+1)*sizeof(WCHAR));
+        if(!msg)
+            return E_OUTOFMEMORY;
+        memcpy(msg, message, MAX_MESSAGE_LEN*sizeof(WCHAR));
+        msg[MAX_MESSAGE_LEN] = 0;
+    }
+
+    MessageBoxW(This->doc_obj->hwnd, msg, title, MB_ICONWARNING);
+    if(msg != message)
+        heap_free(msg);
     return S_OK;
 }
 




More information about the wine-cvs mailing list