Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-11-18 13:01:40 +00:00
Code Issues Projects Releases Packages Wiki Activity

[CRT] Use MAX_PATH for buffer meant to contain an arbitrary path

Browse source 
The cFileName member of WIN32_FIND_DATA is an array of MAX_PATH(260). Using strcpy/wcscpy with the target buffer being smaller is potentially bad. Corresponds to CID 1401198 and 1401195.
This commit is contained in:
Samuel Serapion 2017-10-20 11:03:07 -04:00 committed by Thomas Faber
parent 19cef7806c
commit 136fabd357
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
sdk/lib/crt/misc/getargs.c
View file

@ -70,7 +70,7 @@ int wexpand(wchar_t* name, int expand_wildcards)
WIN32_FIND_DATAW fd;
HANDLE hFile;
BOOLEAN first = TRUE;
wchar_t buffer[256];
wchar_t buffer[MAX_PATH];
uintptr_t pos;
if (expand_wildcards && (s = wcspbrk(name, L"*?")))
@ -135,7 +135,7 @@ int aexpand(char* name, int expand_wildcards)
WIN32_FIND_DATAA fd;
HANDLE hFile;
BOOLEAN first = TRUE;
char buffer[256];
char buffer[MAX_PATH];
uintptr_t pos;
if (expand_wildcards && (s = strpbrk(name, "*?")))