Commit 1e9acad3 authored by Alexandre Julliard's avatar Alexandre Julliard

comdlg32: Fixed a number of buffer overflows in the file dialog.

parent 31666b31
...@@ -889,7 +889,7 @@ static INT_PTR FILEDLG95_Handle_GetFilePath(HWND hwnd, DWORD size, LPVOID buffer ...@@ -889,7 +889,7 @@ static INT_PTR FILEDLG95_Handle_GetFilePath(HWND hwnd, DWORD size, LPVOID buffer
{ {
/* 'n' includes trailing \0 */ /* 'n' includes trailing \0 */
bufW[n-1] = '\\'; bufW[n-1] = '\\';
memcpy( &bufW[n], lpstrFileList, (size-n)*sizeof(WCHAR) ); lstrcpynW( &bufW[n], lpstrFileList, size - n );
} }
TRACE("returned -> %s\n",debugstr_wn(bufW, total)); TRACE("returned -> %s\n",debugstr_wn(bufW, total));
} }
...@@ -931,16 +931,15 @@ static INT_PTR FILEDLG95_Handle_GetFileSpec(HWND hwnd, DWORD size, LPVOID buffer ...@@ -931,16 +931,15 @@ static INT_PTR FILEDLG95_Handle_GetFileSpec(HWND hwnd, DWORD size, LPVOID buffer
FILEDLG95_FILENAME_GetFileNames(hwnd, &lpstrFileList, &sizeUsed, ' '); FILEDLG95_FILENAME_GetFileNames(hwnd, &lpstrFileList, &sizeUsed, ' ');
if( fodInfos->unicode ) if( fodInfos->unicode )
{ {
LPWSTR bufW = buffer; lstrcpynW( buffer, lpstrFileList, size );
memcpy( bufW, lpstrFileList, sizeof(WCHAR)*sizeUsed );
} }
else else
{ {
LPSTR bufA = buffer; LPSTR bufA = buffer;
sizeUsed = WideCharToMultiByte( CP_ACP, 0, lpstrFileList, sizeUsed, DWORD sizeA = WideCharToMultiByte( CP_ACP, 0, lpstrFileList, sizeUsed, NULL, 0, NULL, NULL);
NULL, 0, NULL, NULL); WideCharToMultiByte(CP_ACP, 0, lpstrFileList, sizeUsed, bufA, size, NULL, NULL);
WideCharToMultiByte(CP_ACP, 0, lpstrFileList, sizeUsed, if (size && size < sizeA) bufA[size - 1] = 0;
bufA, size, NULL, NULL); sizeUsed = sizeA;
} }
MemFree(lpstrFileList); MemFree(lpstrFileList);
...@@ -3237,29 +3236,27 @@ static int FILEDLG95_FILENAME_GetFileNames (HWND hwnd, LPWSTR * lpstrFileList, U ...@@ -3237,29 +3236,27 @@ static int FILEDLG95_FILENAME_GetFileNames (HWND hwnd, LPWSTR * lpstrFileList, U
while ((lpstrEdit[nStrCharCount]!='"') && (nStrCharCount <= nStrLen)) while ((lpstrEdit[nStrCharCount]!='"') && (nStrCharCount <= nStrLen))
{ {
(*lpstrFileList)[nFileIndex++] = lpstrEdit[nStrCharCount]; (*lpstrFileList)[nFileIndex++] = lpstrEdit[nStrCharCount];
(*sizeUsed)++;
nStrCharCount++; nStrCharCount++;
} }
(*lpstrFileList)[nFileIndex++] = separator; (*lpstrFileList)[nFileIndex++] = separator;
(*sizeUsed)++;
nFileCount++; nFileCount++;
} }
nStrCharCount++; nStrCharCount++;
} }
/* single, unquoted string */ /* single, unquoted string */
if ((nStrLen > 0) && (*sizeUsed == 0) ) if ((nStrLen > 0) && (nFileIndex == 0) )
{ {
lstrcpyW(*lpstrFileList, lpstrEdit); lstrcpyW(*lpstrFileList, lpstrEdit);
nFileIndex = lstrlenW(lpstrEdit) + 1; nFileIndex = lstrlenW(lpstrEdit) + 1;
(*sizeUsed) = nFileIndex;
nFileCount = 1; nFileCount = 1;
} }
/* trailing \0 */ /* trailing \0 */
(*lpstrFileList)[nFileIndex] = '\0'; if (nFileIndex && separator) nFileIndex--; /* remove trailing separator */
(*sizeUsed)++; (*lpstrFileList)[nFileIndex++] = '\0';
*sizeUsed = nFileIndex;
MemFree(lpstrEdit); MemFree(lpstrEdit);
return nFileCount; return nFileCount;
} }
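Review bot: In the @@ -889 hunk, `lstrcpynW( &bufW[n], lpstrFileList, size - n );` is only bounded if `n < size` holds at that point: both are DWORD, so when `n >= size` the count wraps to a huge value and the copy is unbounded again, which is the class of overflow this commit is fixing. The check that establishes the relation between `n` (which includes the trailing NUL per the comment) and `size` is outside the hunk, so please confirm it exists, or make the copy self-protecting with `if (n < size) lstrcpynW( &bufW[n], lpstrFileList, size - n );`. Separately, in the @@ -3237 hunk the unchanged loop condition `while ((lpstrEdit[nStrCharCount]!='"') && (nStrCharCount <= nStrLen))` indexes the string before the bound test and allows `nStrCharCount == nStrLen + 1`, so an edit string with an unterminated quote reads one WCHAR past the terminator; `while ((nStrCharCount < nStrLen) && (lpstrEdit[nStrCharCount] != '"'))` would close that read as part of the same fix. The enclosing functions of all three hunks start outside the visible lines.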