https://git.reactos.org/?p=reactos.git;a=commitdiff;h=f3506ee626bc2c32bb38a…
commit f3506ee626bc2c32bb38a06011c7616ae2c93459
Author: Hervé Poussineau <hpoussin(a)reactos.org>
AuthorDate: Mon Sep 12 22:59:49 2022 +0200
Commit: Hervé Poussineau <hpoussin(a)reactos.org>
CommitDate: Fri Sep 23 23:07:26 2022 +0200
[SHELL32] Prevent use after free
'buffer' is local to the function, while m_sPath is an instance class member.
Fix that by calling the IShellLink::Resolve() function, which will allocate
and fill the m_sPath variable.
CORE-15229
---
dll/win32/shell32/CShellLink.cpp | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/dll/win32/shell32/CShellLink.cpp b/dll/win32/shell32/CShellLink.cpp
index 209961454e8..7ad91f5c2d9 100644
--- a/dll/win32/shell32/CShellLink.cpp
+++ b/dll/win32/shell32/CShellLink.cpp
@@ -2735,12 +2735,9 @@ LPWSTR SH_GetTargetTypeByPath(LPCWSTR lpcwFullPath)
BOOL CShellLink::OnInitDialog(HWND hwndDlg, HWND hwndFocus, LPARAM lParam)
{
- WCHAR buffer[MAX_PATH];
-
TRACE("CShellLink::OnInitDialog(hwnd %p hwndFocus %p lParam %p)\n",
hwndDlg, hwndFocus, lParam);
- if (m_pPidl && SHGetPathFromIDListW(m_pPidl, buffer))
- m_sPath = buffer;
+ Resolve(0, SLR_NO_UI | SLR_NOUPDATE | SLR_NOSEARCH | SLR_NOTRACK);
TRACE("m_sArgs: %S sComponent: %S m_sDescription: %S m_sIcoPath: %S m_sPath: %S
m_sPathRel: %S sProduct: %S m_sWorkDir: %S\n", m_sArgs, sComponent, m_sDescription,
m_sIcoPath, m_sPath, m_sPathRel, sProduct, m_sWorkDir);
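Review bot: The HRESULT returned by the new `Resolve(0, SLR_NO_UI | SLR_NOUPDATE | SLR_NOSEARCH | SLR_NOTRACK);` call is discarded, whereas the removed code only assigned m_sPath when m_pPidl was set and the path lookup succeeded. Resolve() itself is not visible in this hunk, so if it can fail without assigning m_sPath (for instance when there is no PIDL), the TRACE that follows and the rest of OnInitDialog, whose body continues past the hunk, would read a null or stale pointer. I would keep the result and log the failure: `HRESULT hr = Resolve(0, SLR_NO_UI | SLR_NOUPDATE | SLR_NOSEARCH | SLR_NOTRACK);` followed by `if (FAILED(hr)) WARN("Resolve failed, hr 0x%08lx\n", hr);`. A short comment above the call, such as `// m_sPath must point to storage owned by the object, never to a stack buffer`, would record the lifetime rule this commit restores.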