[ros-dev] [ros-diffs] [khornicek] 62665: [MAIN] - fix a copypasta - fix a possible buffer overrun (x5) - fix a negative array index access

Kamil Hornicek kamil.hornicek at reactos.org
Sun Apr 6 19:51:47 UTC 2014 

There's too many of these and I personally don't want to introduce more 
bugs (confusing src and dest etc) because there's no way I can properly 
test all of them. Maybe someone would pick this up if we offered to pay 
for it.

K.

Dne 6.4.2014 18:53, Thomas Faber napsal(a):
> You guys should consider replacing that stuff with strsafe functions
> while you're at it ;)
>
>
> On 2014-04-06 18:45, khornicek at svn.reactos.org wrote:
>> Author: khornicek
>> Date: Sun Apr  6 16:45:21 2014
>> New Revision: 62665
>>
>> URL: http://svn.reactos.org/svn/reactos?rev=62665&view=rev
>> Log:
>> [MAIN]
>> - fix a copypasta
>> - fix a possible buffer overrun (x5)
>> - fix a negative array index access
>>
>> Modified:
>>      trunk/reactos/dll/cpl/main/mouse.c
>>
>> Modified: trunk/reactos/dll/cpl/main/mouse.c
>> URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/cpl/main/mouse.c?rev=62665&r1=62664&r2=62665&view=diff
>> ==============================================================================
>> --- trunk/reactos/dll/cpl/main/mouse.c	[iso-8859-1] (original)
>> +++ trunk/reactos/dll/cpl/main/mouse.c	[iso-8859-1] Sun Apr  6 16:45:21 2014
>> @@ -499,7 +499,7 @@
>>                   /* Remove quotation marks */
>>                   if (szTempData[0] == _T('"'))
>>                   {
>> -                    lpStart = szValueData + 1;
>> +                    lpStart = szTempData + 1;
>>                       szTempData[_tcslen(szTempData) - 1] = 0;
>>                   }
>>                   else
>> @@ -1022,9 +1022,9 @@
>>   static VOID
>>   LoadInitialCursorScheme(HWND hwndDlg)
>>   {
>> -    TCHAR szSchemeName[256];
>> -    TCHAR szSystemScheme[256];
>> -    TCHAR szCursorPath[256];
>> +    TCHAR szSchemeName[MAX_PATH];
>> +    TCHAR szSystemScheme[MAX_PATH];
>> +    TCHAR szCursorPath[MAX_PATH];
>>       HKEY hCursorKey;
>>       LONG lError;
>>       DWORD dwDataSize;
>> @@ -1057,7 +1057,7 @@
>>
>>       if (dwSchemeSource != 0)
>>       {
>> -        dwDataSize = 256 * sizeof(TCHAR);
>> +        dwDataSize = MAX_PATH * sizeof(TCHAR);
>>           lError = RegQueryValueEx(hCursorKey,
>>                                    NULL,
>>                                    NULL,
>> @@ -1101,8 +1101,8 @@
>>       else if (dwSchemeSource == 2)
>>       {
>>           LoadString(hApplet, IDS_SYSTEM_SCHEME, szSystemScheme, MAX_PATH);
>> -        _tcscat(szSchemeName, _T(" "));
>> -        _tcscat(szSchemeName, szSystemScheme);
>> +        _tcsncat(szSchemeName, _T(" "), MAX_PATH - _tcslen(szSchemeName));
>> +        _tcsncat(szSchemeName, szSystemScheme, MAX_PATH - _tcslen(szSchemeName));
>>       }
>>
>>       /* Search and select the curent scheme name from the scheme list */
>> @@ -1276,6 +1276,10 @@
>>                       {
>>                           case LBN_SELCHANGE:
>>                               nSel = SendMessage((HWND)lParam, LB_GETCURSEL, 0, 0);
>> +
>> +                            if(nSel == LB_ERR)
>> +                                break;
>> +
>>                               SendDlgItemMessage(hwndDlg, IDC_IMAGE_CURRENT_CURSOR, STM_SETIMAGE, IMAGE_CURSOR,
>>                                                  (LPARAM)g_CursorData[nSel].hCursor);
>>                               EnableWindow(GetDlgItem(hwndDlg,IDC_BUTTON_USE_DEFAULT_CURSOR),
>>
>>
>
>
> _______________________________________________
> Ros-dev mailing list
> Ros-dev at reactos.org
> http://www.reactos.org/mailman/listinfo/ros-dev

More information about the Ros-dev mailing list