shell32: Make sure wcmd has enough space to hold the string.

If the length of wszApplicationName exceeds 1024, it will cause an error when writing to the subsequent stack space after exceeding the wcmd space, Wcmd needs to be modified to dynamic allocation. Signed-off-by: Jiajin Cui <cuijiajin@uniontech.com>

shell32: Make sure wcmd has enough space to hold the string.
eee640c9 · Jiajin Cui · Alexandre Julliard · 41cc117b · eee640c9
Commit eee640c9 authored Jun 21, 2023 by Jiajin Cui Committed by Alexandre Julliard Jul 04, 2023
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 0 deletions

shlexec.c dlls/shell32/shlexec.c +8 -0

No files found.
--- a/dlls/shell32/shlexec.c
+++ b/dlls/shell32/shlexec.c
@@ -1764,6 +1764,14 @@ static BOOL SHELL_execute( LPSHELLEXECUTEINFOW sei, SHELL_ExecuteW32 execfunc )
    TRACE("execute:%s,%s,%s\n", debugstr_w(wszApplicationName), debugstr_w(wszParameters), debugstr_w(wszDir));
    lpFile = sei_tmp.lpFile;
    wcmd = wcmdBuffer;
+    len = lstrlenW(wszApplicationName) + 3;
+    if (sei_tmp.lpParameters[0])
+        len += 1 + lstrlenW(wszParameters);
+    if (len > wcmdLen)
+    {
+        wcmd = heap_alloc(len * sizeof(WCHAR));
+        wcmdLen = len;
+    }
    lstrcpyW(wcmd, wszApplicationName);
    if (sei_tmp.lpDirectory)
    {