https://git.reactos.org/?p=reactos.git;a=commitdiff;h=e5a6b0f8e572ee1872b98… commit e5a6b0f8e572ee1872b987ad7d10418eac073cdf Author: Oleg Dubinskiy &lt;oleg.dubinskij30(a)gmail.com&gt; AuthorDate: Fri Jan 10 20:45:43 2025 +0100 Commit: GitHub &lt;noreply(a)github.com&gt; CommitDate: Fri Jan 10 20:45:43 2025 +0100 [SHELL32] SHELL_ArgifyW(): don't use SearchPathW() for receiving a path to a file (#7605) Get rid from bogus SearchPathW() call, which is marked as most likely not needed in the comment above (by Wine). Simply get a length of the file name and use the file name directly instead, with checking for its validity too. Similarly as it's done for other cases. That call seems actually not needed because it is already done using SearchPathW() in another parts of the code in this file, before calling SHELL_ArgifyW(). Fixes another heap corruption when trying to login via OAuth menthod in SpotifyXP 2.0.3 Beta (nightly build). The previous commit did not fix the bug fully, as I discovered it later. CORE-19953 --- dll/win32/shell32/shlexec.cpp | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) diff --git a/dll/win32/shell32/shlexec.cpp b/dll/win32/shell32/shlexec.cpp index 85c7feab0ff..f03db3de0e7 100644 --- a/dll/win32/shell32/shlexec.cpp +++ b/dll/win32/shell32/shlexec.cpp @@ -197,11 +197,9 @@ static void ParseTildeEffect(PWSTR &res, LPCWSTR &args, DWORD &len, DWORD &used, static BOOL SHELL_ArgifyW(WCHAR* out, DWORD len, const WCHAR* fmt, const WCHAR* lpFile, LPITEMIDLIST pidl, LPCWSTR args, DWORD* out_len, const WCHAR* lpDir) { - WCHAR xlpFile[1024]; BOOL done = FALSE; BOOL found_p1 = FALSE; PWSTR res = out; - PCWSTR cmd; DWORD used = 0; bool tildeEffect = false; @@ -279,20 +277,14 @@ static BOOL SHELL_ArgifyW(WCHAR* out, DWORD len, const WCHAR* fmt, const WCHAR* break; case '1': - if (!done || (*fmt == '1')) + if ((!done || (*fmt == '1')) && lpFile) { - /*FIXME Is the call to SearchPathW() really needed? We already have separated out the parameter string in args. */ - if (SearchPathW(lpDir, lpFile, L".exe", ARRAY_SIZE(xlpFile), xlpFile, NULL)) - cmd = xlpFile; - else - cmd = lpFile; - - SIZE_T cmdlen = wcslen(cmd); - used += cmdlen; + SIZE_T filelen = wcslen(lpFile); + used += filelen; if (used < len) { - wcscpy(res, cmd); - res += cmdlen; + wcscpy(res, lpFile); + res += filelen; } } found_p1 = TRUE;