[ros-diffs] [rmessiant] 50135: [WIN32K] - IntCreateWindow: Fill out MaximumLength field of the window name. Fixes potential buffer overflow in at least NtUserDefSetText.

25 Dec 2010

Author: rmessiant
Date: Sat Dec 25 05:27:01 2010
New Revision: 50135
URL: http://svn.reactos.org/svn/reactos?rev=50135&view=rev
Log:
[WIN32K]
- IntCreateWindow: Fill out MaximumLength field of the window name. Fixes potential buffer overflow in at least NtUserDefSetText.
Modified:
    trunk/reactos/subsystems/win32/win32k/ntuser/window.c
Modified: trunk/reactos/subsystems/win32/win32k/ntuser/window.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/ntu...
==============================================================================

--- trunk/reactos/subsystems/win32/win32k/ntuser/window.c [iso-8859-1] (original)
+++ trunk/reactos/subsystems/win32/win32k/ntuser/window.c [iso-8859-1] Sat Dec 25 05:27:01 2010
@@ -1759,6 +1759,7 @@
       RtlCopyMemory(pWnd->strName.Buffer, WindowName->Buffer, WindowName->Length);
       pWnd->strName.Buffer[WindowName->Length / sizeof(WCHAR)] = L'\0';
       pWnd->strName.Length = WindowName->Length;
+      pWnd->strName.MaximumLength = WindowName->Length + sizeof(UNICODE_NULL);
    }
/* Correct the window style. */

    

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

[ros-diffs] [rmessiant] 50135: [WIN32K] - IntCreateWindow: Fill out MaximumLength field of the window name. Fixes potential buffer overflow in at least NtUserDefSetText.