Huw Davies (@huw) commented about dlls/shell32/dde.c:
{ - len = lstrlenW(last_group) + 1 + lstrlenW(argv[1]) + 5; - name = heap_alloc(len * sizeof(*name)); - swprintf( name, len, L"%s/%s.lnk", last_group, argv[1] ); + name = combine_path(last_group, argv[1], L".lnk"); } else { - const WCHAR *filename = PathFindFileNameW(argv[0]); - len = PathFindExtensionW(filename) - filename; - name = heap_alloc((lstrlenW(last_group) + 1 + len + 5) * sizeof(*name)); - swprintf( name, lstrlenW(last_group) + 1 + len + 5, L"%s/%.*s.lnk", last_group, len, filename ); + WCHAR *filename = wcsdup(PathFindFileNameW(argv[0])); + *PathFindExtensionW(filename) = '\0'; + name = combine_path(last_group, filename, L".lnk"); + heap_free(filename);
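Review bot: in the else branch, the result of `wcsdup(PathFindFileNameW(argv[0]))` is used unchecked by `*PathFindExtensionW(filename) = '\0';`, so a failed allocation is written through on the very next line. Test `filename` for NULL before truncating the extension and skip the `combine_path()` call in that case. The copy is also released with `heap_free(filename)` although it was allocated with `wcsdup()`; the release call should belong to the same allocator family as the allocation.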
This should be `free()` not `heap_free()` and suggests that what we should do first is to convert this file to using `malloc()`, `free()`, etc instead of the `heap_*()` helpers. I'd suggest a series something like this:

1. Move `strndupW()` into `dde.c` - it's only used in this file.
2. Convert calls to `heap_*()` helpers to their `malloc()`-style equivalents.
3. Add the `combine_path()` helper.
4. Add the sanitize option.

--
https://gitlab.winehq.org/wine/wine/-/merge_requests/23#note_10420