[PATCH 1/1] winecfg: Support color profiles larger than MAX_PATH chars.
Stefan Dösinger
wine at gitlab.winehq.org
Tue Jun 28 06:10:59 CDT 2022
From: Stefan Dösinger <stefan at codeweavers.com>
Signed-off-by: Stefan Dösinger <stefan at codeweavers.com>
---
GetPrivateProfileStringW looks rather awkward to me, and we are dealing
with external input here, so if there is a better way to handle this
please let me know.
A theme description I copypasted out of the registry has 384 characters,
so a larger array than MAX_PATH is needed to import it correctly. A
maliciously crafted ini file could have any size.
---
programs/winecfg/theme.c | 19 +++++++++++++++----
1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/programs/winecfg/theme.c b/programs/winecfg/theme.c
index 9c8737caf64..2b3e447bda0 100644
--- a/programs/winecfg/theme.c
+++ b/programs/winecfg/theme.c
@@ -22,6 +22,7 @@
*
*/
+#include <assert.h>
#include <stdarg.h>
#include <stdlib.h>
#include <stdio.h>
@@ -554,15 +555,24 @@ static void set_color_from_theme(const WCHAR *keyName, COLORREF color)
static void do_parse_theme(WCHAR *file)
{
- WCHAR keyName[MAX_PATH], keyNameValue[MAX_PATH];
+ WCHAR *keyName, keyNameValue[MAX_PATH];
+ DWORD len, allocLen = 512;
WCHAR *keyNamePtr = NULL;
int red = 0, green = 0, blue = 0;
COLORREF color;
- WINE_TRACE("%s\n", wine_dbgstr_w(file));
+ keyName = malloc(sizeof(*keyName) * allocLen);
+ for (;;)
+ {
+ assert(keyName);
+ len = GetPrivateProfileStringW(L"Control Panel\\Colors", NULL, NULL, keyName,
+ allocLen, file);
+ if (len < allocLen - 2)
+ break;
- GetPrivateProfileStringW(L"Control Panel\\Colors", NULL, NULL, keyName,
- MAX_PATH, file);
+ allocLen *= 2;
+ keyName = realloc(keyName, sizeof(*keyName) * allocLen);
+ }
keyNamePtr = keyName;
while (*keyNamePtr!=0) {
@@ -580,6 +590,7 @@ static void do_parse_theme(WCHAR *file)
keyNamePtr+=lstrlenW(keyNamePtr);
keyNamePtr++;
}
+ free(keyName);
}
static void on_theme_install(HWND dialog)
--
GitLab
https://gitlab.winehq.org/wine/wine/-/merge_requests/331
More information about the wine-devel
mailing list