Re: [ros-dev] [ros-diffs] [khornicek] 62665: [MAIN] - fix a copypasta - fix a possible buffer overrun (x5) - fix a negative array index access
You guys should consider replacing that stuff with strsafe functions while you're at it ;)
On 2014-04-06 18:45, khornicek@svn.reactos.org wrote:
Author: khornicek Date: Sun Apr 6 16:45:21 2014 New Revision: 62665
URL: http://svn.reactos.org/svn/reactos?rev=62665&view=rev Log: [MAIN]
- fix a copypasta
- fix a possible buffer overrun (x5)
- fix a negative array index access
Modified: trunk/reactos/dll/cpl/main/mouse.c
Modified: trunk/reactos/dll/cpl/main/mouse.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/cpl/main/mouse.c?rev=62... ============================================================================== --- trunk/reactos/dll/cpl/main/mouse.c [iso-8859-1] (original) +++ trunk/reactos/dll/cpl/main/mouse.c [iso-8859-1] Sun Apr 6 16:45:21 2014 @@ -499,7 +499,7 @@ /* Remove quotation marks */ if (szTempData[0] == _T('"')) {
lpStart = szValueData + 1;
lpStart = szTempData + 1; szTempData[_tcslen(szTempData) - 1] = 0; } else@@ -1022,9 +1022,9 @@ static VOID LoadInitialCursorScheme(HWND hwndDlg) {
- TCHAR szSchemeName[256];
- TCHAR szSystemScheme[256];
- TCHAR szCursorPath[256];
- TCHAR szSchemeName[MAX_PATH];
- TCHAR szSystemScheme[MAX_PATH];
- TCHAR szCursorPath[MAX_PATH]; HKEY hCursorKey; LONG lError; DWORD dwDataSize;
@@ -1057,7 +1057,7 @@
if (dwSchemeSource != 0) {
dwDataSize = 256 * sizeof(TCHAR);
dwDataSize = MAX_PATH * sizeof(TCHAR); lError = RegQueryValueEx(hCursorKey, NULL, NULL,@@ -1101,8 +1101,8 @@ else if (dwSchemeSource == 2) { LoadString(hApplet, IDS_SYSTEM_SCHEME, szSystemScheme, MAX_PATH);
_tcscat(szSchemeName, _T(" "));_tcscat(szSchemeName, szSystemScheme);
_tcsncat(szSchemeName, _T(" "), MAX_PATH - _tcslen(szSchemeName));_tcsncat(szSchemeName, szSystemScheme, MAX_PATH - _tcslen(szSchemeName));}
/* Search and select the curent scheme name from the scheme list */
@@ -1276,6 +1276,10 @@ { case LBN_SELCHANGE: nSel = SendMessage((HWND)lParam, LB_GETCURSEL, 0, 0);
if(nSel == LB_ERR)break;SendDlgItemMessage(hwndDlg, IDC_IMAGE_CURRENT_CURSOR, STM_SETIMAGE, IMAGE_CURSOR, (LPARAM)g_CursorData[nSel].hCursor); EnableWindow(GetDlgItem(hwndDlg,IDC_BUTTON_USE_DEFAULT_CURSOR),
There's too many of these and I personally don't want to introduce more bugs (confusing src and dest etc) because there's no way I can properly test all of them. Maybe someone would pick this up if we offered to pay for it.
K.
Dne 6.4.2014 18:53, Thomas Faber napsal(a):
You guys should consider replacing that stuff with strsafe functions while you're at it ;)
On 2014-04-06 18:45, khornicek@svn.reactos.org wrote:
Author: khornicek Date: Sun Apr 6 16:45:21 2014 New Revision: 62665
URL: http://svn.reactos.org/svn/reactos?rev=62665&view=rev Log: [MAIN]
- fix a copypasta
- fix a possible buffer overrun (x5)
- fix a negative array index access
Modified: trunk/reactos/dll/cpl/main/mouse.c
Modified: trunk/reactos/dll/cpl/main/mouse.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/cpl/main/mouse.c?rev=62... ============================================================================== --- trunk/reactos/dll/cpl/main/mouse.c [iso-8859-1] (original) +++ trunk/reactos/dll/cpl/main/mouse.c [iso-8859-1] Sun Apr 6 16:45:21 2014 @@ -499,7 +499,7 @@ /* Remove quotation marks */ if (szTempData[0] == _T('"')) {
lpStart = szValueData + 1;
lpStart = szTempData + 1; szTempData[_tcslen(szTempData) - 1] = 0; } else@@ -1022,9 +1022,9 @@ static VOID LoadInitialCursorScheme(HWND hwndDlg) {
- TCHAR szSchemeName[256];
- TCHAR szSystemScheme[256];
- TCHAR szCursorPath[256];
- TCHAR szSchemeName[MAX_PATH];
- TCHAR szSystemScheme[MAX_PATH];
- TCHAR szCursorPath[MAX_PATH]; HKEY hCursorKey; LONG lError; DWORD dwDataSize;
@@ -1057,7 +1057,7 @@
if (dwSchemeSource != 0) {
dwDataSize = 256 * sizeof(TCHAR);
dwDataSize = MAX_PATH * sizeof(TCHAR); lError = RegQueryValueEx(hCursorKey, NULL, NULL,@@ -1101,8 +1101,8 @@ else if (dwSchemeSource == 2) { LoadString(hApplet, IDS_SYSTEM_SCHEME, szSystemScheme, MAX_PATH);
_tcscat(szSchemeName, _T(" "));_tcscat(szSchemeName, szSystemScheme);
_tcsncat(szSchemeName, _T(" "), MAX_PATH - _tcslen(szSchemeName));_tcsncat(szSchemeName, szSystemScheme, MAX_PATH - _tcslen(szSchemeName)); } /* Search and select the curent scheme name from the scheme list */@@ -1276,6 +1276,10 @@ { case LBN_SELCHANGE: nSel = SendMessage((HWND)lParam, LB_GETCURSEL, 0, 0);
if(nSel == LB_ERR)break;SendDlgItemMessage(hwndDlg, IDC_IMAGE_CURRENT_CURSOR, STM_SETIMAGE, IMAGE_CURSOR, (LPARAM)g_CursorData[nSel].hCursor); EnableWindow(GetDlgItem(hwndDlg,IDC_BUTTON_USE_DEFAULT_CURSOR),
Ros-dev mailing list Ros-dev@reactos.org http://www.reactos.org/mailman/listinfo/ros-dev
-
Kamil Hornicek -
Thomas Faber