https://git.reactos.org/?p=reactos.git;a=commitdiff;h=f3506ee626bc2c32bb38a0...
commit f3506ee626bc2c32bb38a06011c7616ae2c93459 Author: Hervé Poussineau hpoussin@reactos.org AuthorDate: Mon Sep 12 22:59:49 2022 +0200 Commit: Hervé Poussineau hpoussin@reactos.org CommitDate: Fri Sep 23 23:07:26 2022 +0200
[SHELL32] Prevent use after free
'buffer' is local to the function, while m_sPath is an instance class member. Fix that by calling the IShellLink::Resolve() function, which will allocate and fill the m_sPath variable.
CORE-15229 --- dll/win32/shell32/CShellLink.cpp | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/dll/win32/shell32/CShellLink.cpp b/dll/win32/shell32/CShellLink.cpp
index 209961454e8..7ad91f5c2d9 100644
--- a/dll/win32/shell32/CShellLink.cpp
+++ b/dll/win32/shell32/CShellLink.cpp
@@ -2735,12 +2735,9 @@ LPWSTR SH_GetTargetTypeByPath(LPCWSTR lpcwFullPath)
BOOL CShellLink::OnInitDialog(HWND hwndDlg, HWND hwndFocus, LPARAM lParam) { - WCHAR buffer[MAX_PATH]; - TRACE("CShellLink::OnInitDialog(hwnd %p hwndFocus %p lParam %p)\n", hwndDlg, hwndFocus, lParam);
- if (m_pPidl && SHGetPathFromIDListW(m_pPidl, buffer))
- m_sPath = buffer;
+ Resolve(0, SLR_NO_UI | SLR_NOUPDATE | SLR_NOSEARCH | SLR_NOTRACK);
TRACE("m_sArgs: %S sComponent: %S m_sDescription: %S m_sIcoPath: %S m_sPath: %S m_sPathRel: %S sProduct: %S m_sWorkDir: %S\n", m_sArgs, sComponent, m_sDescription, m_sIcoPath, m_sPath, m_sPathRel, sProduct, m_sWorkDir);
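Review bot: The HRESULT returned by the new `Resolve(0, SLR_NO_UI | SLR_NOUPDATE | SLR_NOSEARCH | SLR_NOTRACK)` call is discarded, so a failed resolve looks the same as success and `m_sPath` may still be NULL or stale when the `TRACE` just below and the rest of OnInitDialog (which continues outside this hunk) read it. The removed code at least guarded on `m_pPidl`; whether Resolve() tolerates a link with no PIDL is not visible here and should be confirmed. I would capture and log the result, e.g. `HRESULT hr = Resolve(NULL, SLR_NO_UI | SLR_NOUPDATE | SLR_NOSEARCH | SLR_NOTRACK);` followed by `if (FAILED(hr)) WARN("Resolve failed, hr 0x%08lx\n", hr);`, and add a one-line comment stating that Resolve() owns the allocation of `m_sPath` so a stack-buffer assignment is not reintroduced later.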