Author: rmessiant
Date: Sat Dec 25 05:27:01 2010
New Revision: 50135
URL:
http://svn.reactos.org/svn/reactos?rev=50135&view=rev
Log:
[WIN32K]
- IntCreateWindow: Fill out MaximumLength field of the window name. Fixes potential buffer
overflow in at least NtUserDefSetText.
Modified:
trunk/reactos/subsystems/win32/win32k/ntuser/window.c
Modified: trunk/reactos/subsystems/win32/win32k/ntuser/window.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/nt…
==============================================================================
--- trunk/reactos/subsystems/win32/win32k/ntuser/window.c [iso-8859-1] (original)
+++ trunk/reactos/subsystems/win32/win32k/ntuser/window.c [iso-8859-1] Sat Dec 25 05:27:01
2010
@@ -1759,6 +1759,7 @@
RtlCopyMemory(pWnd->strName.Buffer, WindowName->Buffer,
WindowName->Length);
pWnd->strName.Buffer[WindowName->Length / sizeof(WCHAR)] = L'\0';
pWnd->strName.Length = WindowName->Length;
+ pWnd->strName.MaximumLength = WindowName->Length + sizeof(UNICODE_NULL);
}
/* Correct the window style. */
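Review bot: The added `MaximumLength` assignment recomputes `WindowName->Length + sizeof(UNICODE_NULL)` rather than reusing the size `strName.Buffer` was actually allocated with. That allocation is above the hunk, so nothing visible here confirms the two agree. The log says NtUserDefSetText depends on this field, presumably as the writable bound of the buffer, so a value larger than the real allocation would bring the overflow back. I would compute the byte count once in a local, use it for the allocation, and assign `pWnd->strName.MaximumLength = cbName;` with a comment such as `/* MaximumLength = bytes allocated for Buffer, terminator included */`. It is also worth confirming that the paths which allocate no name buffer leave both `Length` and `MaximumLength` at zero.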