Author: cwittich Date: Thu Feb 5 02:55:28 2009 New Revision: 39402 URL: http://svn.reactos.org/svn/reactos?rev=39402&view=rev Log: shell32: Fixed potential buffer overwrite in execute_from_key (Coverity). Marcus Meissner <marcus at jet.franken.de> Modified: trunk/reactos/dll/win32/shell32/shlexec.c Modified: trunk/reactos/dll/win32/shell32/shlexec.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/shell32/shlexec.… ============================================================================== --- trunk/reactos/dll/win32/shell32/shlexec.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/shell32/shlexec.c [iso-8859-1] Thu Feb 5 02:55:28 2009 @@ -908,6 +908,8 @@ /* Is there a replace() function anywhere? */ cmdlen /= sizeof(WCHAR); + if (cmdlen >= sizeof(cmd)/sizeof(WCHAR)) + cmdlen = sizeof(cmd)/sizeof(WCHAR)-1; cmd[cmdlen] = '\0'; SHELL_ArgifyW(param, sizeof(param)/sizeof(WCHAR), cmd, lpFile, psei->lpIDList, szCommandline, &resultLen); if (resultLen > sizeof(param)/sizeof(WCHAR))