Module: wine Branch: master Commit: ad57c70a6cc37bfa05630a6e76509a26fe658ee9 URL: http://source.winehq.org/git/wine.git/?a=commit;h=ad57c70a6cc37bfa05630a6e76...
Author: Alexander Nicolaysen Sørnes alex@thehandofagony.com Date: Tue Jun 5 23:08:29 2007 +0200
wordpad: Fix potential buffer overflow.
---
programs/wordpad/wordpad.c | 23 ++++++++++++++++++----- 1 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/programs/wordpad/wordpad.c b/programs/wordpad/wordpad.c index 5a9f7fd..6efc15d 100644 --- a/programs/wordpad/wordpad.c +++ b/programs/wordpad/wordpad.c @@ -133,15 +133,28 @@ static WCHAR wszFileName[MAX_PATH];
static void set_caption(LPCWSTR wszNewFileName) { - static const WCHAR wszSeparator[] = {' ','-',' ','\0'}; - WCHAR wszCaption[MAX_PATH]; + static const WCHAR wszSeparator[] = {' ','-',' '};
if(wszNewFileName) { - lstrcpyW(wszCaption, wszNewFileName); - lstrcatW(wszCaption, wszSeparator); - lstrcatW(wszCaption, wszAppTitle); + WCHAR *wszCaption; + SIZE_T length = 0; + + wszCaption = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, + lstrlenW(wszNewFileName)*sizeof(WCHAR)+sizeof(wszSeparator)+sizeof(wszAppTitle)); + + if(!wszCaption) + return; + + memcpy(wszCaption, wszNewFileName, lstrlenW(wszNewFileName)*sizeof(WCHAR)); + length += lstrlenW(wszNewFileName); + memcpy(wszCaption + length, wszSeparator, sizeof(wszSeparator)); + length += sizeof(wszSeparator) / sizeof(WCHAR); + memcpy(wszCaption + length, wszAppTitle, sizeof(wszAppTitle)); + SetWindowTextW(hMainWnd, wszCaption); + + HeapFree(GetProcessHeap(), 0, wszCaption); } else { SetWindowTextW(hMainWnd, wszAppTitle);