Piotr Caban : kernel32: Don't use uninitialized ofs->szPathName in OpenFile.
Alexandre Julliard
julliard at winehq.org
Mon Sep 30 16:19:06 CDT 2019
Module: wine
Branch: master
Commit: 392648dda225c06955cbc9d57e12bb3f00d9e7bf
URL: https://source.winehq.org/git/wine.git/?a=commit;h=392648dda225c06955cbc9d57e12bb3f00d9e7bf
Author: Piotr Caban <piotr at codeweavers.com>
Date: Fri Sep 27 20:00:32 2019 +0200
kernel32: Don't use uninitialized ofs->szPathName in OpenFile.
Signed-off-by: Piotr Caban <piotr at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>
---
dlls/kernel32/file.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/dlls/kernel32/file.c b/dlls/kernel32/file.c
index 2b6a13fc0d..bdf429cc05 100644
--- a/dlls/kernel32/file.c
+++ b/dlls/kernel32/file.c
@@ -1166,6 +1166,7 @@ HFILE WINAPI OpenFile( LPCSTR name, OFSTRUCT *ofs, UINT mode )
HANDLE handle;
FILETIME filetime;
WORD filedatetime[2];
+ DWORD len;
if (!ofs) return HFILE_ERROR;
@@ -1201,7 +1202,13 @@ HFILE WINAPI OpenFile( LPCSTR name, OFSTRUCT *ofs, UINT mode )
/* the watcom 10.6 IDE relies on a valid path returned in ofs->szPathName
Are there any cases where getting the path here is wrong?
Uwe Bonnes 1997 Apr 2 */
- if (!GetFullPathNameA( name, sizeof(ofs->szPathName), ofs->szPathName, NULL )) goto error;
+ len = GetFullPathNameA( name, sizeof(ofs->szPathName), ofs->szPathName, NULL );
+ if (!len) goto error;
+ if (len >= sizeof(ofs->szPathName))
+ {
+ SetLastError(ERROR_INVALID_DATA);
+ goto error;
+ }
/* OF_PARSE simply fills the structure */
@@ -1224,8 +1231,13 @@ HFILE WINAPI OpenFile( LPCSTR name, OFSTRUCT *ofs, UINT mode )
{
/* Now look for the file */
- if (!SearchPathA( NULL, name, NULL, sizeof(ofs->szPathName), ofs->szPathName, NULL ))
+ len = SearchPathA( NULL, name, NULL, sizeof(ofs->szPathName), ofs->szPathName, NULL );
+ if (!len) goto error;
+ if (len >= sizeof(ofs->szPathName))
+ {
+ SetLastError(ERROR_INVALID_DATA);
goto error;
+ }
TRACE("found %s\n", debugstr_a(ofs->szPathName) );
More information about the wine-cvs
mailing list