Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-02-24 17:34:57 +00:00
Code Issues Projects Releases Packages Wiki Activity

fixed uninitialized variable warnings and possible buffer overflows when reading strings from the registry that aren't NULL-terminated

Browse source 
svn path=/trunk/; revision=20088
This commit is contained in:
Thomas Bluemel 2005-12-11 22:13:46 +00:00
parent 38b91bdab0
commit 408fa486e3
1 changed files with 9 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
reactos/lib/setupapi/devinst.c
View file

@ -1872,13 +1872,14 @@ static BOOL GetIconIndex(
SetLastError(ERROR_NOT_ENOUGH_MEMORY); SetLastError(ERROR_NOT_ENOUGH_MEMORY);
goto cleanup; goto cleanup;
} }
Buffer[dwLength / sizeof(WCHAR)] = 0;
rc = RegQueryValueExW(hClassKey, L"Icon", NULL, NULL, (LPBYTE)Buffer, &dwLength); rc = RegQueryValueExW(hClassKey, L"Icon", NULL, NULL, (LPBYTE)Buffer, &dwLength);
if (rc != ERROR_SUCCESS) if (rc != ERROR_SUCCESS)
{ {
SetLastError(rc); SetLastError(rc);
goto cleanup; goto cleanup;
} }
/* make sure the returned buffer is NULL-terminated */
Buffer[dwLength / sizeof(WCHAR)] = 0;
/* Transform "Icon" value to a INT */ /* Transform "Icon" value to a INT */
*ImageIndex = atoiW(Buffer); *ImageIndex = atoiW(Buffer);
@ -2065,7 +2066,7 @@ BOOL WINAPI SetupDiLoadClassIcon(
rc = RegQueryValueExW(hKey, L"Installer32", NULL, &dwRegType, NULL, &dwLength); rc = RegQueryValueExW(hKey, L"Installer32", NULL, &dwRegType, NULL, &dwLength);
if (rc == ERROR_SUCCESS && dwRegType == REG_SZ) if (rc == ERROR_SUCCESS && dwRegType == REG_SZ)
{ {
Buffer = MyMalloc(dwLength); Buffer = MyMalloc(dwLength + sizeof(WCHAR));
if (Buffer == NULL) if (Buffer == NULL)
{ {
SetLastError(ERROR_NOT_ENOUGH_MEMORY); SetLastError(ERROR_NOT_ENOUGH_MEMORY);
@ -2077,12 +2078,14 @@ BOOL WINAPI SetupDiLoadClassIcon(
SetLastError(rc); SetLastError(rc);
goto cleanup; goto cleanup;
} }
/* make sure the returned buffer is NULL-terminated */
Buffer[dwLength / sizeof(WCHAR)] = 0;
} }
else if else if
(ERROR_SUCCESS == (rc = RegQueryValueExW(hKey, L"EnumPropPages32", NULL, &dwRegType, NULL, &dwLength)) (ERROR_SUCCESS == (rc = RegQueryValueExW(hKey, L"EnumPropPages32", NULL, &dwRegType, NULL, &dwLength))
&& dwRegType == REG_SZ) && dwRegType == REG_SZ)
{ {
Buffer = MyMalloc(dwLength); Buffer = MyMalloc(dwLength + sizeof(WCHAR));
if (Buffer == NULL) if (Buffer == NULL)
{ {
SetLastError(ERROR_NOT_ENOUGH_MEMORY); SetLastError(ERROR_NOT_ENOUGH_MEMORY);
@ -2094,6 +2097,8 @@ BOOL WINAPI SetupDiLoadClassIcon(
SetLastError(rc); SetLastError(rc);
goto cleanup; goto cleanup;
} }
/* make sure the returned buffer is NULL-terminated */
Buffer[dwLength / sizeof(WCHAR)] = 0;
} }
else else
{ {
@ -2108,6 +2113,7 @@ BOOL WINAPI SetupDiLoadClassIcon(
goto cleanup; goto cleanup;
} }
*Comma = '\0'; *Comma = '\0';
DllName = Buffer;
} }
else else
{ {