[PATCH 0/1] MR331: winecfg: Support color profiles larger than MAX_PATH chars.
Signed-off-by: Stefan Dösinger <stefan(a)codeweavers.com> --- GetPrivateProfileStringW looks rather awkward to me, and we are dealing with external input here, so if there is a better way to handle this please let me know. A theme description I copypasted out of the registry has 384 characters, so a larger array than MAX_PATH is needed to import it correctly. A maliciously crafted ini file could have any size. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/331
From: Stefan Dösinger <stefan(a)codeweavers.com> Signed-off-by: Stefan Dösinger <stefan(a)codeweavers.com> --- GetPrivateProfileStringW looks rather awkward to me, and we are dealing with external input here, so if there is a better way to handle this please let me know. A theme description I copypasted out of the registry has 384 characters, so a larger array than MAX_PATH is needed to import it correctly. A maliciously crafted ini file could have any size. --- programs/winecfg/theme.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/programs/winecfg/theme.c b/programs/winecfg/theme.c index 9c8737caf64..2b3e447bda0 100644 --- a/programs/winecfg/theme.c +++ b/programs/winecfg/theme.c @@ -22,6 +22,7 @@ * */ +#include <assert.h> #include <stdarg.h> #include <stdlib.h> #include <stdio.h> @@ -554,15 +555,24 @@ static void set_color_from_theme(const WCHAR *keyName, COLORREF color) static void do_parse_theme(WCHAR *file) { - WCHAR keyName[MAX_PATH], keyNameValue[MAX_PATH]; + WCHAR *keyName, keyNameValue[MAX_PATH]; + DWORD len, allocLen = 512; WCHAR *keyNamePtr = NULL; int red = 0, green = 0, blue = 0; COLORREF color; - WINE_TRACE("%s\n", wine_dbgstr_w(file)); + keyName = malloc(sizeof(*keyName) * allocLen); + for (;;) + { + assert(keyName); + len = GetPrivateProfileStringW(L"Control Panel\\Colors", NULL, NULL, keyName, + allocLen, file); + if (len < allocLen - 2) + break; - GetPrivateProfileStringW(L"Control Panel\\Colors", NULL, NULL, keyName, - MAX_PATH, file); + allocLen *= 2; + keyName = realloc(keyName, sizeof(*keyName) * allocLen); + } keyNamePtr = keyName; while (*keyNamePtr!=0) { @@ -580,6 +590,7 @@ static void do_parse_theme(WCHAR *file) keyNamePtr+=lstrlenW(keyNamePtr); keyNamePtr++; } + free(keyName); } static void on_theme_install(HWND dialog) -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/331
Zhiyi Zhang (@zhiyi) commented about programs/winecfg/theme.c:
static void do_parse_theme(WCHAR *file) { - WCHAR keyName[MAX_PATH], keyNameValue[MAX_PATH]; + WCHAR *keyName, keyNameValue[MAX_PATH]; + DWORD len, allocLen = 512; WCHAR *keyNamePtr = NULL; int red = 0, green = 0, blue = 0; COLORREF color;
- WINE_TRACE("%s\n", wine_dbgstr_w(file));
Please don't remove this trace. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/331#note_2852
Zhiyi Zhang (@zhiyi) commented about programs/winecfg/theme.c:
static void do_parse_theme(WCHAR *file) { - WCHAR keyName[MAX_PATH], keyNameValue[MAX_PATH]; + WCHAR *keyName, keyNameValue[MAX_PATH]; + DWORD len, allocLen = 512; WCHAR *keyNamePtr = NULL; int red = 0, green = 0, blue = 0; COLORREF color;
- WINE_TRACE("%s\n", wine_dbgstr_w(file)); + keyName = malloc(sizeof(*keyName) * allocLen); + for (;;) + { + assert(keyName); + len = GetPrivateProfileStringW(L"Control Panel\\Colors", NULL, NULL, keyName, + allocLen, file); Formatting.
-- https://gitlab.winehq.org/wine/wine/-/merge_requests/331#note_2853
participants (2)
-
Stefan Dösinger -
Zhiyi Zhang (@zhiyi)