From ff0436a0209641412e9a734f3e8670ee39c43509 Mon Sep 17 00:00:00 2001
From: Christoph von Wittich <christoph_vw@reactos.org>
Date: Thu, 5 Feb 2009 08:55:28 +0000
Subject: [PATCH] shell32: Fixed potential buffer overwrite in execute_from_key
 (Coverity). Marcus Meissner <marcus at jet.franken.de>

svn path=/trunk/; revision=39402
---
 reactos/dll/win32/shell32/shlexec.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/reactos/dll/win32/shell32/shlexec.c b/reactos/dll/win32/shell32/shlexec.c
index e994425bd78..d1a4c7b5a66 100644
--- a/reactos/dll/win32/shell32/shlexec.c
+++ b/reactos/dll/win32/shell32/shlexec.c
@@ -908,6 +908,8 @@ static UINT_PTR execute_from_key(LPWSTR key, LPCWSTR lpFile, WCHAR *env, LPCWSTR
 
         /* Is there a replace() function anywhere? */
         cmdlen /= sizeof(WCHAR);
+        if (cmdlen >= sizeof(cmd)/sizeof(WCHAR))
+            cmdlen = sizeof(cmd)/sizeof(WCHAR)-1;
         cmd[cmdlen] = '\0';
         SHELL_ArgifyW(param, sizeof(param)/sizeof(WCHAR), cmd, lpFile, psei->lpIDList, szCommandline, &resultLen);
         if (resultLen > sizeof(param)/sizeof(WCHAR))