Module: wine Branch: master Commit: c3b80267894059fec3f703d20efb61c5bc6ae58c URL: http://source.winehq.org/git/wine.git/?a=commit;h=c3b80267894059fec3f703d20e... Author: Jörg Höhle <hoehle(a)users.sourceforge.net> Date: Wed Jul 1 09:53:15 2009 +0200 kernel32: Avoid unprotected sprintf on registry/user-supplied format string. --- dlls/kernel32/except.c | 9 +++++---- 1 files changed, 5 insertions(+), 4 deletions(-) diff --git a/dlls/kernel32/except.c b/dlls/kernel32/except.c index 53a4515..ca39ec6 100644 --- a/dlls/kernel32/except.c +++ b/dlls/kernel32/except.c @@ -265,15 +265,16 @@ static BOOL start_debugger(PEXCEPTION_POINTERS epointers, HANDLE hEvent) if (format) { - cmdline = HeapAlloc(GetProcessHeap(), 0, strlen(format) + 2*20); - sprintf(cmdline, format, GetCurrentProcessId(), hEvent); + size_t format_size = strlen(format) + 2*20; + cmdline = HeapAlloc(GetProcessHeap(), 0, format_size); + snprintf(cmdline, format_size, format, (long)GetCurrentProcessId(), (long)HandleToLong(hEvent)); HeapFree(GetProcessHeap(), 0, format); } else { cmdline = HeapAlloc(GetProcessHeap(), 0, 80); - sprintf(cmdline, "winedbg --auto %d %ld", - GetCurrentProcessId(), (ULONG_PTR)hEvent); + snprintf(cmdline, 80, "winedbg --auto %ld %ld", /* as in tools/wine.inf */ + (long)GetCurrentProcessId(), (long)HandleToLong(hEvent)); } if (!bAuto)