ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

shell32/autocomplete: Avoid another buffer overflow and handle arbitrary sizes for the auto-append string. 

Signed-off-by: Gabriel Ivăncescu <gabrielopcode@gmail.com>
Signed-off-by: Huw Davies <huw@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
This commit is contained in:
Gabriel Ivăncescu 2018-09-18 23:59:53 +03:00 committed by Alexandre Julliard
parent 72d8b7befd
commit 2a8df60a8c
1 changed files with 23 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
dlls/shell32/autocomplete.c
View File

@ -126,6 +126,28 @@ static size_t format_quick_complete(WCHAR *dst, const WCHAR *qc, const WCHAR *st
return dst - base;
}
static void autoappend_str(IAutoCompleteImpl *ac, WCHAR *text, UINT len, WCHAR *str, HWND hwnd)
{
WCHAR *tmp;
size_t size;
/* The character capitalization can be different,
so merge text and str into a new string */
size = len + strlenW(&str[len]) + 1;
if ((tmp = heap_alloc(size * sizeof(*tmp))))
{
memcpy(tmp, text, len * sizeof(*tmp));
memcpy(&tmp[len], &str[len], (size - len) * sizeof(*tmp));
}
else tmp = str;
SendMessageW(hwnd, WM_SETTEXT, 0, (LPARAM)tmp);
SendMessageW(hwnd, EM_SETSEL, len, size - 1);
if (tmp != str)
heap_free(tmp);
}
static void autocomplete_text(IAutoCompleteImpl *ac, HWND hwnd, enum autoappend_flag flag)
{
HRESULT hr;
@ -166,12 +188,7 @@ static void autocomplete_text(IAutoCompleteImpl *ac, HWND hwnd, enum autoappend_
{
if (cpt == 0 && flag == autoappend_flag_yes)
{
WCHAR buffW[255];
strcpyW(buffW, text);
strcatW(buffW, &strs[len]);
SetWindowTextW(hwnd, buffW);
SendMessageW(hwnd, EM_SETSEL, len, strlenW(strs));
autoappend_str(ac, text, len, strs, hwnd);
if (!(ac->options & ACO_AUTOSUGGEST))
{
CoTaskMemFree(strs);