Fixed potential buffer overflows (spotted by Francois Gouget).

f1f68312 · Alexandre Julliard · 6f715732 · f1f68312 · f1f68312
Commit f1f68312 authored Jan 01, 2000 by Alexandre Julliard
Hide whitespace changes
Inline Side-by-side

Showing with 34 additions and 31 deletions

ddeml.c misc/ddeml.c +8 -17

win.c windows/win.c +26 -14

No files found.
--- a/misc/ddeml.c
+++ b/misc/ddeml.c
@@ -445,16 +445,16 @@ void FindNotifyMonitorCallbacks(DWORD ThisInstance, DWORD DdeEvent )
 *
 */
-void DdeReserveAtom( DDE_HANDLE_ENTRY * reference_inst,HSZ hsz)
+static void DdeReserveAtom( DDE_HANDLE_ENTRY * reference_inst,HSZ hsz)
 {
-  CHAR SNameBuffer[MAX_BUFFER_LEN];
-  UINT rcode;
  if ( reference_inst->Unicode)
  {
-        rcode=GlobalGetAtomNameW(hsz,(LPWSTR)&SNameBuffer,MAX_ATOM_LEN);
+        WCHAR SNameBuffer[MAX_BUFFER_LEN];
-        GlobalAddAtomW((LPWSTR)SNameBuffer);
+        GlobalGetAtomNameW(hsz,SNameBuffer,MAX_BUFFER_LEN);
+        GlobalAddAtomW(SNameBuffer);
  } else {
-        rcode=GlobalGetAtomNameA(hsz,SNameBuffer,MAX_ATOM_LEN);
+        CHAR SNameBuffer[MAX_BUFFER_LEN];
+        GlobalGetAtomNameA(hsz,SNameBuffer,MAX_BUFFER_LEN);
        GlobalAddAtomA(SNameBuffer);
  }
 }
@@ -475,18 +475,9 @@ void DdeReserveAtom( DDE_HANDLE_ENTRY * reference_inst,HSZ hsz)
 *
 */
-void DdeReleaseAtom( DDE_HANDLE_ENTRY * reference_inst,HSZ hsz)
+static void DdeReleaseAtom( DDE_HANDLE_ENTRY * reference_inst,HSZ hsz)
 {
-  CHAR SNameBuffer[MAX_BUFFER_LEN];
+    GlobalDeleteAtom( hsz );
-  UINT rcode;
-  if ( reference_inst->Unicode)
-  {
-        rcode=GlobalGetAtomNameW(hsz,(LPWSTR)&SNameBuffer,MAX_ATOM_LEN);
-        GlobalAddAtomW((LPWSTR)SNameBuffer);
-  } else {
-        rcode=GlobalGetAtomNameA(hsz,SNameBuffer,MAX_ATOM_LEN);
-        GlobalAddAtomA(SNameBuffer);
-  }
 }
 /******************************************************************************

--- a/windows/win.c
+++ b/windows/win.c
@@ -663,7 +663,6 @@ static HWND WIN_CreateWindowEx( CREATESTRUCTA *cs, ATOM classAtom,
    HWND16 hwnd, hwndLinkAfter;
    POINT maxSize, maxPos, minTrack, maxTrack;
    LRESULT (CALLBACK *localSend32)(HWND, UINT, WPARAM, LPARAM);
-    char buffer[256];
    TRACE("%s %s %08lx %08lx %d,%d %dx%d %04x %04x %08x %p\n",
          unicode ? debugres_w((LPWSTR)cs->lpszName) : debugres_a(cs->lpszName), 
@@ -689,24 +688,12 @@ static HWND WIN_CreateWindowEx( CREATESTRUCTA *cs, ATOM classAtom,
    /* Find the window class */
    if (!(classPtr = CLASS_FindClassByAtom( classAtom, win32?cs->hInstance:GetExePtr(cs->hInstance) )))
    {
+        char buffer[256];
        GlobalGetAtomNameA( classAtom, buffer, sizeof(buffer) );
        WARN("Bad class '%s'\n", buffer );
        return 0;
    }
-    /* Fix the lpszClass field: from existing programs, it seems ok to call a CreateWindowXXX 
-     * with an atom as the class name, put some programs expect to have a *REAL* string in 
-     * lpszClass when the CREATESTRUCT is sent with WM_CREATE 
-     */
-    if ( !HIWORD(cs->lpszClass) ) {	
-        if (unicode) {
-	   GlobalGetAtomNameW( classAtom, (LPWSTR)buffer, sizeof(buffer) );
-	} else {
-	   GlobalGetAtomNameA( classAtom, buffer, sizeof(buffer) );
-	}
-	cs->lpszClass = buffer;
-    }
    /* Fix the coordinates */
    if (cs->x == CW_USEDEFAULT || cs->x == CW_USEDEFAULT16)
@@ -1047,6 +1034,7 @@ HWND16 WINAPI CreateWindowEx16( DWORD exStyle, LPCSTR className,
 {
    ATOM classAtom;
    CREATESTRUCTA cs;
+    char buffer[256];
    /* Find the class atom */
@@ -1075,6 +1063,13 @@ HWND16 WINAPI CreateWindowEx16( DWORD exStyle, LPCSTR className,
    cs.lpszName       = windowName;
    cs.lpszClass      = className;
    cs.dwExStyle      = exStyle;
+    /* make sure lpszClass is a string */
+    if (!HIWORD(cs.lpszClass))
+    {
+        GlobalGetAtomNameA( classAtom, buffer, sizeof(buffer) );
+        cs.lpszClass = buffer;
+    }
    return WIN_CreateWindowEx( &cs, classAtom, FALSE, FALSE );
 }
@@ -1090,6 +1085,7 @@ HWND WINAPI CreateWindowExA( DWORD exStyle, LPCSTR className,
 {
    ATOM classAtom;
    CREATESTRUCTA cs;
+    char buffer[256];
    if(!instance)
        instance=GetModuleHandleA(NULL);
@@ -1120,6 +1116,13 @@ HWND WINAPI CreateWindowExA( DWORD exStyle, LPCSTR className,
    cs.lpszName       = windowName;
    cs.lpszClass      = className;
    cs.dwExStyle      = exStyle;
+    /* make sure lpszClass is a string */
+    if (!HIWORD(cs.lpszClass))
+    {
+        GlobalGetAtomNameA( classAtom, buffer, sizeof(buffer) );
+        cs.lpszClass = buffer;
+    }
    return WIN_CreateWindowEx( &cs, classAtom, TRUE, FALSE );
 }
@@ -1135,6 +1138,7 @@ HWND WINAPI CreateWindowExW( DWORD exStyle, LPCWSTR className,
 {
    ATOM classAtom;
    CREATESTRUCTW cs;
+    WCHAR buffer[256];
    if(!instance)
        instance=GetModuleHandleA(NULL);
@@ -1171,6 +1175,14 @@ HWND WINAPI CreateWindowExW( DWORD exStyle, LPCWSTR className,
    cs.lpszName       = windowName;
    cs.lpszClass      = className;
    cs.dwExStyle      = exStyle;
+    /* make sure lpszClass is a string */
+    if (!HIWORD(cs.lpszClass))
+    {
+        GlobalGetAtomNameW( classAtom, buffer, sizeof(buffer)/sizeof(WCHAR) );
+        cs.lpszClass = buffer;
+    }
    /* Note: we rely on the fact that CREATESTRUCT32A and */
    /* CREATESTRUCT32W have the same layout. */
    return WIN_CreateWindowEx( (CREATESTRUCTA *)&cs, classAtom, TRUE, TRUE );