From: Owen Rudge <orudge(a)codeweavers.com> Fixes potential crash when trying to print if a CUPS printer name contains an asterisk. Signed-off-by: Owen Rudge <orudge(a)codeweavers.com> Signed-off-by: Huw Davies <huw(a)codeweavers.com> --- dlls/winspool.drv/info.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/dlls/winspool.drv/info.c b/dlls/winspool.drv/info.c index fb9c1599d38..ed55761e29b 100644 --- a/dlls/winspool.drv/info.c +++ b/dlls/winspool.drv/info.c @@ -721,13 +721,18 @@ fail: static WCHAR *get_ppd_filename( const WCHAR *dir, const WCHAR *file_name ) { static const WCHAR dot_ppd[] = {'.','p','p','d',0}; - int len = (strlenW( dir ) + strlenW( file_name )) * sizeof(WCHAR) + sizeof(dot_ppd); - WCHAR *ppd = HeapAlloc( GetProcessHeap(), 0, len ); + static const WCHAR escape_chars[] = {'*','/','\\',0}; + int dir_len = strlenW( dir ), file_len = strlenW( file_name ); + int len = (dir_len + file_len + ARRAY_SIZE( dot_ppd )) * sizeof(WCHAR); + WCHAR *ppd = HeapAlloc( GetProcessHeap(), 0, len ), *p; if (!ppd) return NULL; - strcpyW( ppd, dir ); - strcatW( ppd, file_name ); - strcatW( ppd, dot_ppd ); + memcpy( ppd, dir, dir_len * sizeof(WCHAR) ); + memcpy( ppd + dir_len, file_name, file_len * sizeof(WCHAR) ); + memcpy( ppd + dir_len + file_len, dot_ppd, sizeof(dot_ppd) ); + + p = ppd + dir_len; + while ((p = strpbrkW( p, escape_chars ))) *p++ = '_'; return ppd; } -- 2.23.0