From db00a7522757ae4e5a084611528d42c076337921 Mon Sep 17 00:00:00 2001
From: Katayama Hirofumi MZ
Date: Fri, 16 Sep 2022 17:35:05 +0900
Subject: [PATCH] [IMM32] Don't allow invalid 'IME File' values Improve security. CORE-11700
---
 dll/win32/imm32/utils.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/dll/win32/imm32/utils.c b/dll/win32/imm32/utils.c
index 9e0c07195dd..1ba6d556f21 100644
--- a/dll/win32/imm32/utils.c
+++ b/dll/win32/imm32/utils.c
@@ -908,7 +908,8 @@ UINT APIENTRY Imm32GetImeLayout(PREG_IME pLayouts, UINT cLayouts)
 RegCloseKey(hkeyIME);
- if (!szImeFileName[0])
+ /* We don't allow the invalid "IME File" values for security reason */
+ if (!szImeFileName[0] || wcschr(szImeFileName, L'\\') != NULL)
 break;
 Imm32StrToUInt(szImeKey, &Value, 16);
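Review bot: The new guard `wcschr(szImeFileName, L'\\') != NULL` rejects only a backslash, but Win32 path parsing also accepts `/` as a separator and `:` as a drive or stream delimiter, so an "IME File" value carrying either of those still passes as if it were a bare file name. If the rule is "file name only", `if (!szImeFileName[0] || wcspbrk(szImeFileName, L"\\/:") != NULL)` covers all three. How the name is consumed later is outside this hunk, so it is worth confirming that the subsequent load resolves it against the system directory only and does not fall back to the normal search order. The comment would be more useful if it stated the rule itself, e.g. `/* "IME File" must be a bare file name; reject values that contain a path component */`. Imm32GetImeLayout's body starts and ends outside the hunk.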