Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-07-06 04:35:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixed a buffer overflow in RefreshListView.

Browse source 
svn path=/trunk/; revision=19872
This commit is contained in:
Hartmut Birr 2005-12-04 15:18:11 +00:00
parent 1986a25e6b
commit f997c770e3
1 changed files with 4 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
reactos/subsys/system/regedit/listview.c
View file

@ -552,12 +552,10 @@ BOOL RefreshListView(HWND hwndLV, HKEY hKey, LPCTSTR keyPath)
errCode = RegQueryInfoKey(hNewKey, NULL, NULL, NULL, NULL, &max_sub_key_len, NULL,
&val_count, &max_val_name_len, &max_val_size, NULL, NULL);
#define BUF_HEAD_SPACE 2 /* FIXME: check why this is required with ROS ??? */
if (errCode == ERROR_SUCCESS) {
TCHAR* ValName = HeapAlloc(GetProcessHeap(), 0, ++max_val_name_len * sizeof(TCHAR) + BUF_HEAD_SPACE);
TCHAR* ValName = HeapAlloc(GetProcessHeap(), 0, ++max_val_name_len * sizeof(TCHAR));
DWORD dwValNameLen = max_val_name_len;
BYTE* ValBuf = HeapAlloc(GetProcessHeap(), 0, ++max_val_size/* + BUF_HEAD_SPACE*/);
BYTE* ValBuf = HeapAlloc(GetProcessHeap(), 0, max_val_size + sizeof(TCHAR));
DWORD dwValSize = max_val_size;
DWORD dwIndex = 0L;
DWORD dwValType;
@ -566,7 +564,8 @@ BOOL RefreshListView(HWND hwndLV, HKEY hKey, LPCTSTR keyPath)
/* } */
/* dwValSize = max_val_size; */
while (RegEnumValue(hNewKey, dwIndex, ValName, &dwValNameLen, NULL, &dwValType, ValBuf, &dwValSize) == ERROR_SUCCESS) {
ValBuf[dwValSize] = 0;
/* Add a terminating 0 character. Usually this is only necessary for strings. */
((TCHAR*)ValBuf)[dwValSize/sizeof(TCHAR)] = 0;
AddEntryToList(hwndLV, ValName, dwValType, ValBuf, dwValSize, -1, TRUE);
dwValNameLen = max_val_name_len;
dwValSize = max_val_size;