Huw Davies (@huw) commented about dlls/shell32/dde.c:
{
len = lstrlenW(last_group) + 1 + lstrlenW(argv[1]) + 5;
name = heap_alloc(len * sizeof(*name));
swprintf( name, len, L"%s/%s.lnk", last_group, argv[1] );
name = combine_path(last_group, argv[1], L".lnk"); } else {
const WCHAR *filename = PathFindFileNameW(argv[0]);
len = PathFindExtensionW(filename) - filename;
name = heap_alloc((lstrlenW(last_group) + 1 + len + 5) * sizeof(*name));
swprintf( name, lstrlenW(last_group) + 1 + len + 5, L"%s/%.*s.lnk", last_group, len, filename );
WCHAR *filename = wcsdup(PathFindFileNameW(argv[0]));
*PathFindExtensionW(filename) = '\0';
name = combine_path(last_group, filename, L".lnk");
heap_free(filename);
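Review bot: the new branch allocates `filename` with `wcsdup()` (`WCHAR *filename = wcsdup(PathFindFileNameW(argv[0]));`) but releases it with `heap_free(filename);`, so allocator and deallocator do not match; the copy should be released with `free()`. In the same branch, `*PathFindExtensionW(filename) = '\0';` writes through the result of `wcsdup()` without checking it for NULL, so an allocation failure turns into a crash rather than an error; an early return (or at least a NULL check) before the write would cover that case.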
This should be `free()` not `heap_free()` and suggests that what we should do first is to convert this file to using `malloc()`, `free()`, etc. instead of the `heap_*()` helpers.
I'd suggest a series something like this:

1. Move `strndupW()` into `dde.c` - it's only used in this file.
2. Convert calls to `heap_*()` helpers to their `malloc()`-style equivalents.
3. Add the `combine_path()` helper.
4. Add the sanitize option.
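To show what the `combine_path()` helper from the plan above looks like once the file is on `malloc()`/`free()`, here is an added illustration in portable C. It is not code from the merge request or from Wine: the signature, the "returns NULL on allocation failure, caller frees with `free()`" contract, the use of `wchar_t`/`wcslen`/`swprintf` in place of `WCHAR`/`lstrlenW`, and the `wcsrchr` stand-ins for `PathFindFileNameW()`/`PathFindExtensionW()` are all assumptions made for the example. The second function shows the caller-side pattern for the "no explicit name" branch of the hunk, with the allocator and deallocator matched.

```c
#define _POSIX_C_SOURCE 200809L   /* for wcsdup() */
#include <stdlib.h>
#include <wchar.h>

/* Assumed helper: build "dir/name<ext>" in a freshly malloc()'d buffer.
 * Returns NULL on allocation failure; the caller releases the result with free(). */
wchar_t *combine_path(const wchar_t *dir, const wchar_t *name, const wchar_t *ext)
{
    /* dir + '/' + name + ext + terminating NUL: the same sum the original
     * open-coded as lstrlenW(last_group) + 1 + lstrlenW(argv[1]) + 5 for ".lnk". */
    size_t len = wcslen(dir) + 1 + wcslen(name) + wcslen(ext) + 1;
    wchar_t *path = malloc(len * sizeof(*path));
    if (!path) return NULL;
    swprintf(path, len, L"%ls/%ls%ls", dir, name, ext);
    return path;
}

/* Caller-side pattern for the branch that derives the link name from the
 * program path: duplicate the file name, cut the extension off the copy,
 * combine, and free() the copy (matching wcsdup(), not heap_free()). */
wchar_t *link_name_from_path(const wchar_t *group, const wchar_t *filepath)
{
    /* Stand-in for PathFindFileNameW(): text after the last backslash. */
    const wchar_t *filename = wcsrchr(filepath, L'\\');
    filename = filename ? filename + 1 : filepath;

    wchar_t *copy = wcsdup(filename);
    if (!copy) return NULL;           /* allocation failure is reported, not dereferenced */

    /* Stand-in for PathFindExtensionW(): the last '.' in the file name, if any. */
    wchar_t *dot = wcsrchr(copy, L'.');
    if (dot) *dot = L'\0';

    wchar_t *result = combine_path(group, copy, L".lnk");
    free(copy);                        /* same allocator family as wcsdup() */
    return result;
}
```

Both branches of the hunk collapse onto the same helper: the explicit-name branch passes `argv[1]` as `name`, the derived-name branch passes the extension-stripped copy, and the length arithmetic lives in one place instead of being repeated with a hard-coded `+ 5`.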