[PATCH 1/4] regedit: Validate REG_SZ import data before processing it any further (v2)
Alexandre Julliard
julliard at winehq.org
Fri Apr 21 03:57:37 CDT 2017
Hugh McMaster <hugh.mcmaster at outlook.com> writes:
> Sure. That would mean returning a pointer to any unparsed data in the original string.
> It has to be the original string because converting escape sequences to their character
> equivalents causes an offset, so relying on the new string length is unreliable.
>
> Note, though, that the double quotes surrounding the value name are removed
> before we call REGPROC_unescape_string(val_name) in processSetValue().
>
> That said, if you want think it would be better to replace a lot of
> the code in processSetValue() (see line 554 onwards in programs/regedit/regproc.c)
> with REGPROC_unescape_string(), let me know.
Yes, this should all be done through REGPROC_unescape_string(). It
should also handle removing the quotes, it doesn't make sense to
unescape but leave the quotes in.
--
Alexandre Julliard
julliard at winehq.org
More information about the wine-devel
mailing list