Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-04-22 05:00:27 +00:00
Code Issues Projects Releases Packages Wiki Activity

[SHELL32]

Browse source 
- rewrite _ILCreateFontItem
- fix a buffer overflow

svn path=/trunk/; revision=64050
This commit is contained in:
Johannes Anderwald 2014-09-06 12:33:17 +00:00
parent 60893ab6d4
commit f7fd60d56d
1 changed files with 15 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
reactos/dll/win32/shell32/folders/fonts.cpp
View file

@ -78,30 +78,28 @@ HRESULT WINAPI CDesktopFolderEnumZ::Initialize(DWORD dwFlags)
static LPITEMIDLIST _ILCreateFontItem(LPWSTR pszFont, LPWSTR pszFile) static LPITEMIDLIST _ILCreateFontItem(LPWSTR pszFont, LPWSTR pszFile)
{ {
PIDLDATA tmp;
LPITEMIDLIST pidl; LPITEMIDLIST pidl;
PIDLFontStruct * p; LPPIDLDATA data;
int size0 = (char*)&tmp.u.cfont.szName - (char*)&tmp.u.cfont; int length = wcslen(pszFont) + 1;
int size = size0; int size = sizeof(PIDLDATA) + sizeof(ITEMIDLIST);
tmp.type = 0x00; size += length * sizeof(WCHAR);
tmp.u.cfont.dummy = 0xFF; size += (wcslen(pszFile) + 1) * sizeof(WCHAR);
tmp.u.cfont.offsFile = wcslen(pszFont) + 1;
size += (tmp.u.cfont.offsFile + wcslen(pszFile) + 1) * sizeof(WCHAR); pidl = (LPITEMIDLIST)SHAlloc(size + 5);
pidl = (LPITEMIDLIST)SHAlloc(size + 4);
if (!pidl) if (!pidl)
return pidl; return pidl;
pidl->mkid.cb = size + 2; ZeroMemory(pidl, size + 5);
memcpy(pidl->mkid.abID, &tmp, 2 + size0); pidl->mkid.cb = size + 3;
p = &((PIDLDATA*)pidl->mkid.abID)->u.cfont; data = _ILGetDataPointer(pidl);
wcscpy(p->szName, pszFont); data->type = 0x00;
wcscpy(p->szName + tmp.u.cfont.offsFile, pszFile); data->u.cfont.dummy = 0xFF;
data->u.cfont.offsFile = length;
wcscpy(data->u.cfont.szName, pszFont);
wcscpy(&data->u.cfont.szName[length], pszFile);
*(WORD*)((char*)pidl + (size + 2)) = 0;
return pidl; return pidl;
} }
@ -607,7 +605,7 @@ HRESULT WINAPI CFontsFolder::GetDetailsOf(PCUITEMID_CHILD pidl, UINT iColumn, SH
{ {
if (StrFormatByteSizeW(FileSize.QuadPart, buffer, sizeof(buffer) / sizeof(WCHAR))) if (StrFormatByteSizeW(FileSize.QuadPart, buffer, sizeof(buffer) / sizeof(WCHAR)))
{ {
psd->str.pOleStr = (LPWSTR)CoTaskMemAlloc(wcslen(buffer) + 1); psd->str.pOleStr = (LPWSTR)CoTaskMemAlloc((wcslen(buffer) + 1) * sizeof(WCHAR));
if (!psd->str.pOleStr) if (!psd->str.pOleStr)
{ {
CloseHandle(hFile); CloseHandle(hFile);