From cbd14f3708b864c7bc50d0cedc9d19edde8b8bdd Mon Sep 17 00:00:00 2001
From: Roel Messiant
Date: Sat, 25 Dec 2010 05:27:01 +0000
Subject: [PATCH] [WIN32K] - IntCreateWindow: Fill out MaximumLength field of the window name. Fixes potential buffer overflow in at least NtUserDefSetText.

svn path=/trunk/; revision=50135
---
 reactos/subsystems/win32/win32k/ntuser/window.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/reactos/subsystems/win32/win32k/ntuser/window.c b/reactos/subsystems/win32/win32k/ntuser/window.c
index 73b6d9af7cf..47636714673 100644
--- a/reactos/subsystems/win32/win32k/ntuser/window.c
+++ b/reactos/subsystems/win32/win32k/ntuser/window.c
@@ -1759,6 +1759,7 @@ PWND FASTCALL IntCreateWindow(CREATESTRUCTW* Cs,
 RtlCopyMemory(pWnd->strName.Buffer, WindowName->Buffer, WindowName->Length);
 pWnd->strName.Buffer[WindowName->Length / sizeof(WCHAR)] = L'\0';
 pWnd->strName.Length = WindowName->Length;
+ pWnd->strName.MaximumLength = WindowName->Length + sizeof(UNICODE_NULL);
 }
 /* Correct the window style. */
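Review bot: The added `pWnd->strName.MaximumLength = WindowName->Length + sizeof(UNICODE_NULL);` recomputes the capacity from `WindowName->Length` rather than reusing the byte count that was passed to the allocation of `pWnd->strName.Buffer`. That allocation is outside this hunk, so the two values cannot be checked against each other here. Consumers such as NtUserDefSetText bound their writes by this field, so if the two expressions ever drift apart the overflow this commit fixes comes back. Computing the size once before the allocation, e.g. `ULONG cbName = WindowName->Length + sizeof(UNICODE_NULL);`, and using it for both the allocation and `MaximumLength` would tie them together. If `MaximumLength` turns out to be narrower than the sum (its declaration is not visible here), the addition can also wrap for a very long name, so a range check or assertion on `WindowName->Length` before the copy is worth adding. IntCreateWindow starts and ends outside the hunk.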