[reactos] 01/01: [SHELL32] SHELL_ArgifyW(): don't use SearchPathW() for receiving a path to a file (#7605) - Ros-diffs

10 Jan 2025

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=e5a6b0f8e572ee1872b987...
commit e5a6b0f8e572ee1872b987ad7d10418eac073cdf
Author:     Oleg Dubinskiy oleg.dubinskij30@gmail.com
AuthorDate: Fri Jan 10 20:45:43 2025 +0100
Commit:     GitHub noreply@github.com
CommitDate: Fri Jan 10 20:45:43 2025 +0100
[SHELL32] SHELL_ArgifyW(): don't use SearchPathW() for receiving a path to a file (#7605)
Get rid from bogus SearchPathW() call, which is marked as most likely not needed in the comment above (by Wine). Simply get a length of the file name and use the file name directly instead, with checking for its validity too. Similarly as it's done for other cases.
    That call seems actually not needed because it is already done using SearchPathW() in another parts of the code in this file, before calling SHELL_ArgifyW().
    Fixes another heap corruption when trying to login via OAuth menthod in SpotifyXP 2.0.3 Beta (nightly build). The previous commit did not fix the bug fully, as I discovered it later.
    CORE-19953
---
 dll/win32/shell32/shlexec.cpp | 18 +++++-------------
 1 file changed, 5 insertions(+), 13 deletions(-)

diff --git a/dll/win32/shell32/shlexec.cpp b/dll/win32/shell32/shlexec.cpp
index 85c7feab0ff..f03db3de0e7 100644
--- a/dll/win32/shell32/shlexec.cpp
+++ b/dll/win32/shell32/shlexec.cpp
@@ -197,11 +197,9 @@ static void ParseTildeEffect(PWSTR &res, LPCWSTR &args, DWORD &len, DWORD &used,
static BOOL SHELL_ArgifyW(WCHAR* out, DWORD len, const WCHAR* fmt, const WCHAR* lpFile, LPITEMIDLIST pidl, LPCWSTR args, DWORD* out_len, const WCHAR* lpDir)
 {
-    WCHAR   xlpFile[1024];
     BOOL    done = FALSE;
     BOOL    found_p1 = FALSE;
     PWSTR   res = out;
-    PCWSTR  cmd;
     DWORD   used = 0;
     bool    tildeEffect = false;
@@ -279,20 +277,14 @@ static BOOL SHELL_ArgifyW(WCHAR* out, DWORD len, const WCHAR* fmt, const WCHAR*
                 break;
case '1':
-                    if (!done || (*fmt == '1'))
+                    if ((!done || (*fmt == '1')) && lpFile)
                     {
-                        /*FIXME Is the call to SearchPathW() really needed? We already have separated out the parameter string in args. */
-                        if (SearchPathW(lpDir, lpFile, L".exe", ARRAY_SIZE(xlpFile), xlpFile, NULL))
-                            cmd = xlpFile;
-                        else
-                            cmd = lpFile;
-
-                        SIZE_T cmdlen = wcslen(cmd);
-                        used += cmdlen;
+                        SIZE_T filelen = wcslen(lpFile);
+                        used += filelen;
                         if (used < len)
                         {
-                            wcscpy(res, cmd);
-                            res += cmdlen;
+                            wcscpy(res, lpFile);
+                            res += filelen;
                         }
                     }
                     found_p1 = TRUE;

    