[ros-dev] [ros-diffs] [khornicek] 62665: [MAIN] - fix a copypasta - fix a possible buffer overrun (x5) - fix a negative array index access

Thomas Faber thomas.faber at reactos.org
Sun Apr 6 16:53:30 UTC 2014 

You guys should consider replacing that stuff with strsafe functions
while you're at it ;)


On 2014-04-06 18:45, khornicek at svn.reactos.org wrote:
> Author: khornicek
> Date: Sun Apr  6 16:45:21 2014
> New Revision: 62665
> 
> URL: http://svn.reactos.org/svn/reactos?rev=62665&view=rev
> Log:
> [MAIN]
> - fix a copypasta
> - fix a possible buffer overrun (x5)
> - fix a negative array index access
> 
> Modified:
>     trunk/reactos/dll/cpl/main/mouse.c
> 
> Modified: trunk/reactos/dll/cpl/main/mouse.c
> URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/cpl/main/mouse.c?rev=62665&r1=62664&r2=62665&view=diff
> ==============================================================================
> --- trunk/reactos/dll/cpl/main/mouse.c	[iso-8859-1] (original)
> +++ trunk/reactos/dll/cpl/main/mouse.c	[iso-8859-1] Sun Apr  6 16:45:21 2014
> @@ -499,7 +499,7 @@
>                  /* Remove quotation marks */
>                  if (szTempData[0] == _T('"'))
>                  {
> -                    lpStart = szValueData + 1;
> +                    lpStart = szTempData + 1;
>                      szTempData[_tcslen(szTempData) - 1] = 0;
>                  }
>                  else
> @@ -1022,9 +1022,9 @@
>  static VOID
>  LoadInitialCursorScheme(HWND hwndDlg)
>  {
> -    TCHAR szSchemeName[256];
> -    TCHAR szSystemScheme[256];
> -    TCHAR szCursorPath[256];
> +    TCHAR szSchemeName[MAX_PATH];
> +    TCHAR szSystemScheme[MAX_PATH];
> +    TCHAR szCursorPath[MAX_PATH];
>      HKEY hCursorKey;
>      LONG lError;
>      DWORD dwDataSize;
> @@ -1057,7 +1057,7 @@
>  
>      if (dwSchemeSource != 0)
>      {
> -        dwDataSize = 256 * sizeof(TCHAR);
> +        dwDataSize = MAX_PATH * sizeof(TCHAR);
>          lError = RegQueryValueEx(hCursorKey,
>                                   NULL,
>                                   NULL,
> @@ -1101,8 +1101,8 @@
>      else if (dwSchemeSource == 2)
>      {
>          LoadString(hApplet, IDS_SYSTEM_SCHEME, szSystemScheme, MAX_PATH);
> -        _tcscat(szSchemeName, _T(" "));
> -        _tcscat(szSchemeName, szSystemScheme);
> +        _tcsncat(szSchemeName, _T(" "), MAX_PATH - _tcslen(szSchemeName));
> +        _tcsncat(szSchemeName, szSystemScheme, MAX_PATH - _tcslen(szSchemeName));
>      }
>  
>      /* Search and select the curent scheme name from the scheme list */
> @@ -1276,6 +1276,10 @@
>                      {
>                          case LBN_SELCHANGE:
>                              nSel = SendMessage((HWND)lParam, LB_GETCURSEL, 0, 0);
> +
> +                            if(nSel == LB_ERR)
> +                                break;
> +
>                              SendDlgItemMessage(hwndDlg, IDC_IMAGE_CURRENT_CURSOR, STM_SETIMAGE, IMAGE_CURSOR,
>                                                 (LPARAM)g_CursorData[nSel].hCursor);
>                              EnableWindow(GetDlgItem(hwndDlg,IDC_BUTTON_USE_DEFAULT_CURSOR),
> 
>

More information about the Ros-dev mailing list