Re: [PATCH v8 0/6] MR1857: Draft: comdlg32: IFileDialog navigation bar

4 Jan 2023


      Esme Povirk (@madewokherd) commented about dlls/comdlg32/navbar.c:
...

INT len = 0, size;
WCHAR *text = NULL, *expanded = NULL;
DWORD expanded_cch;
ITEMIDLIST *pidl = NULL;
HRESULT hr;

len = GetWindowTextLengthW(info->pathedit_hwnd);
if (!len)
   goto exit;


size = (len + 1) * sizeof(WCHAR);
text = HeapAlloc(GetProcessHeap(), 0, size);
if (!text)
   goto exit;


if (!GetWindowTextW(info->pathedit_hwnd, text, size))

According to MSDN, the last argument is the number of characters the buffer can accept, not the number of bytes, so this could overflow.
-- 
https://gitlab.winehq.org/wine/wine/-/merge_requests/1857#note_20327

2025

2024

2023

2022

Re: [PATCH v8 0/6] MR1857: Draft: comdlg32: IFileDialog navigation bar