kernel32: Avoid unprotected sprintf on registry/user-supplied format string.

c3b80267 · Jörg Höhle · Alexandre Julliard · 62a21968 · c3b80267
Commit c3b80267 authored Jul 01, 2009 by Jörg Höhle Committed by Alexandre Julliard Jul 01, 2009
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 4 deletions

except.c dlls/kernel32/except.c +5 -4

No files found.
--- a/dlls/kernel32/except.c
+++ b/dlls/kernel32/except.c
@@ -265,15 +265,16 @@ static BOOL	start_debugger(PEXCEPTION_POINTERS epointers, HANDLE hEvent)

    if (format)
    {
-        cmdline = HeapAlloc(GetProcessHeap(), 0, strlen(format) + 2*20);
-        sprintf(cmdline, format, GetCurrentProcessId(), hEvent);
+        size_t format_size = strlen(format) + 2*20;
+        cmdline = HeapAlloc(GetProcessHeap(), 0, format_size);
+        snprintf(cmdline, format_size, format, (long)GetCurrentProcessId(), (long)HandleToLong(hEvent));
        HeapFree(GetProcessHeap(), 0, format);
    }
    else
    {
        cmdline = HeapAlloc(GetProcessHeap(), 0, 80);
-        sprintf(cmdline, "winedbg --auto %d %ld",
-                GetCurrentProcessId(), (ULONG_PTR)hEvent);
+        snprintf(cmdline, 80, "winedbg --auto %ld %ld", /* as in tools/wine.inf */
+                 (long)GetCurrentProcessId(), (long)HandleToLong(hEvent));
    }

    if (!bAuto)