[PATCH 1/1] CommandLineToArgvW: adjusted to follow default nominal condition, closes vulnerability by incorrect parsing of command line

22 Mar 2023

From: "Sergey G. Brester" gitlab@sebres.de
---
 dlls/shcore/main.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/dlls/shcore/main.c b/dlls/shcore/main.c
index 278eeb82fd5..24d6436de25 100644
--- a/dlls/shcore/main.c
+++ b/dlls/shcore/main.c
@@ -383,10 +383,10 @@ WCHAR** WINAPI CommandLineToArgvW(const WCHAR *cmdline, int *numargs)
             /* consecutive quotes, see comment in copying code below */
             while (*s == '"')
             {
-                qcount++;
+                if (++qcount==3)
+                    qcount=1;
                 s++;
             }
-            qcount = qcount % 3;
             if (qcount == 2)
                 qcount = 0;
         }
@@ -498,7 +498,7 @@ WCHAR** WINAPI CommandLineToArgvW(const WCHAR *cmdline, int *numargs)
                 if (++qcount == 3)
                 {
                     *d++ = '"';
-                    qcount = 0;
+                    qcount = 1;
                 }
                 s++;
             }
-- 
GitLab

https://gitlab.winehq.org/wine/wine/-/merge_requests/2472

    