Author: tfaber Date: Tue Oct 20 08:40:29 2015 New Revision: 69628 URL: http://svn.reactos.org/svn/reactos?rev=69628&view=rev Log: [WORDPAD] - Fix potential buffer overflows. CID 713265, 713266 Modified: trunk/reactos/base/applications/wordpad/registry.c trunk/reactos/base/applications/wordpad/wordpad.c Modified: trunk/reactos/base/applications/wordpad/registry.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/applications/wordpad/… ============================================================================== --- trunk/reactos/base/applications/wordpad/registry.c [iso-8859-1] (original) +++ trunk/reactos/base/applications/wordpad/registry.c [iso-8859-1] Tue Oct 20 08:40:29 2015 @@ -156,9 +156,9 @@ { LPWSTR pos_basename; LPWSTR truncpos1, truncpos2; - WCHAR myDocs[MAX_STRING_LEN]; - - SHGetFolderPathW(NULL, CSIDL_PERSONAL, NULL, SHGFP_TYPE_CURRENT, (LPWSTR)&myDocs); + WCHAR myDocs[MAX_PATH]; + + SHGetFolderPathW(NULL, CSIDL_PERSONAL, NULL, SHGFP_TYPE_CURRENT, myDocs); pos_basename = file_basename(file); truncpos1 = NULL; truncpos2 = NULL; Modified: trunk/reactos/base/applications/wordpad/wordpad.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/applications/wordpad/… ============================================================================== --- trunk/reactos/base/applications/wordpad/wordpad.c [iso-8859-1] (original) +++ trunk/reactos/base/applications/wordpad/wordpad.c [iso-8859-1] Tue Oct 20 08:40:29 2015 @@ -1229,7 +1229,7 @@ if (pFr->lpstrFindWhat != custom_data->findBuffer) { lstrcpynW(custom_data->findBuffer, pFr->lpstrFindWhat, - sizeof(custom_data->findBuffer)); + _countof(custom_data->findBuffer)); pFr->lpstrFindWhat = custom_data->findBuffer; }