Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-06-30 09:50:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

[DEVMGR] Fix some bugs spotted by Thomas Faber in PR #5775 (#5790)

Browse source 
- Fix TCHAR/WCHAR mis-usage,
- Fix as a result, a buffer overflow (GlobalAlloc takes the size in
  bytes, but a number of characters was passed to it instead).
- Remove usage of unsafe string function. Now the item text is directly
  retrieved within the allocated buffer.
This commit is contained in:
Hermès Bélusca-Maïto 2023-10-12 15:34:06 +02:00
parent 7fb91d98f9
commit b4b1c5b9aa
No known key found for this signature in database
GPG key ID: 3B2539C65E7B93D0
1 changed files with 9 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
dll/win32/devmgr/properties/advprop.cpp
View file

@ -413,7 +413,7 @@ DriverDetailsDlgProc(IN HWND hwndDlg,
pnmv->iItem,
pnmv->iSubItem,
szDriverPath,
MAX_PATH);
_countof(szDriverPath));
UpdateDriverVersionInfoDetails(hwndDlg,
szDriverPath);
@ -1944,16 +1944,11 @@ AdvProcDetailsDlgProc(IN HWND hwndDlg,
if (nSelectedId < 0 || nSelectedItems <= 0)
break;
TCHAR szItemName[MAX_PATH];
HGLOBAL hGlobal;
LPWSTR pszBuffer;
SIZE_T cchSize = MAX_PATH + 1;
ListView_GetItemText(hwndListView,
nSelectedId, 0,
szItemName,
_countof(szItemName));
hGlobal = GlobalAlloc(GHND, MAX_PATH);
hGlobal = GlobalAlloc(GHND, cchSize * sizeof(WCHAR));
if (!hGlobal)
break;
pszBuffer = (LPWSTR)GlobalLock(hGlobal);
@ -1963,7 +1958,12 @@ AdvProcDetailsDlgProc(IN HWND hwndDlg,
break;
}
wsprintf(pszBuffer, L"%s", szItemName);
ListView_GetItemText(hwndListView,
nSelectedId, 0,
pszBuffer,
cchSize);
/* Ensure NULL-termination */
pszBuffer[cchSize - 1] = UNICODE_NULL;
GlobalUnlock(hGlobal);