[SHELL32]

- rewrite _ILCreateFontItem
- fix a buffer overflow

svn path=/trunk/; revision=64050
Johannes Anderwald 2014-09-06 12:33:17 +00:00
parent 60893ab6d4
commit f7fd60d56d


@ -78,30 +78,28 @@ HRESULT WINAPI CDesktopFolderEnumZ::Initialize(DWORD dwFlags)
static LPITEMIDLIST _ILCreateFontItem(LPWSTR pszFont, LPWSTR pszFile)
{
PIDLDATA tmp;
LPITEMIDLIST pidl;
PIDLFontStruct * p;
int size0 = (char*)&tmp.u.cfont.szName - (char*)&tmp.u.cfont;
int size = size0;
LPPIDLDATA data;
int length = wcslen(pszFont) + 1;
int size = sizeof(PIDLDATA) + sizeof(ITEMIDLIST);
tmp.type = 0x00;
tmp.u.cfont.dummy = 0xFF;
tmp.u.cfont.offsFile = wcslen(pszFont) + 1;
size += length * sizeof(WCHAR);
size += (wcslen(pszFile) + 1) * sizeof(WCHAR);
size += (tmp.u.cfont.offsFile + wcslen(pszFile) + 1) * sizeof(WCHAR);
pidl = (LPITEMIDLIST)SHAlloc(size + 4);
pidl = (LPITEMIDLIST)SHAlloc(size + 5);
if (!pidl)
return pidl;
pidl->mkid.cb = size + 2;
memcpy(pidl->mkid.abID, &tmp, 2 + size0);
ZeroMemory(pidl, size + 5);
pidl->mkid.cb = size + 3;
p = &((PIDLDATA*)pidl->mkid.abID)->u.cfont;
wcscpy(p->szName, pszFont);
wcscpy(p->szName + tmp.u.cfont.offsFile, pszFile);
data = _ILGetDataPointer(pidl);
data->type = 0x00;
data->u.cfont.dummy = 0xFF;
data->u.cfont.offsFile = length;
wcscpy(data->u.cfont.szName, pszFont);
wcscpy(&data->u.cfont.szName[length], pszFile);
*(WORD*)((char*)pidl + (size + 2)) = 0;
return pidl;
}
@ -607,7 +605,7 @@ HRESULT WINAPI CFontsFolder::GetDetailsOf(PCUITEMID_CHILD pidl, UINT iColumn, SH
{
if (StrFormatByteSizeW(FileSize.QuadPart, buffer, sizeof(buffer) / sizeof(WCHAR)))
{
psd->str.pOleStr = (LPWSTR)CoTaskMemAlloc(wcslen(buffer) + 1);
psd->str.pOleStr = (LPWSTR)CoTaskMemAlloc((wcslen(buffer) + 1) * sizeof(WCHAR));
if (!psd->str.pOleStr)
{
CloseHandle(hFile);
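Review bot: In the rewritten _ILCreateFontItem, `pidl->mkid.cb = size + 3` no longer agrees with the terminator write carried over from the old code, `*(WORD*)((char*)pidl + (size + 2)) = 0;`, which still targets the old cb offset and so straddles the last byte of the item and the first terminator byte. The list is terminated correctly only because `ZeroMemory(pidl, size + 5)` has already cleared the whole allocation, so I would either drop the explicit write or anchor it to `(char*)pidl + pidl->mkid.cb`. Separately, `size` and `length` are ints derived from wcslen() of the caller's strings and are stored into `cb` (a USHORT in SHITEMID) and `offsFile` without a range check, so an overlong font or file name would be silently truncated in the item header while the full strings are still copied. A guard before SHAlloc such as `if (size + 3 > 0xFFFF) return NULL;` would make that failure explicit. The `(wcslen(buffer) + 1) * sizeof(WCHAR)` sizing in GetDetailsOf looks right as far as the hunk shows; the copy into pOleStr is outside it.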