This breaks REG_MULTI_SZ
Am 25.03.2011 23:34, schrieb [email protected]:
Author: rharabien Date: Fri Mar 25 22:34:53 2011 New Revision: 51139 URL:http://svn.reactos.org/svn/reactos?rev=51139&view=rev Log: [WIN32K] Make sure strings returned by internal function RegQueryValue are NULL terminated Modified: trunk/reactos/subsystems/win32/win32k/misc/registry.c Modified: trunk/reactos/subsystems/win32/win32k/misc/registry.c URL:http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/misc/registry.c?rev=51139&r1=51138&r2=51139&view=diff ============================================================================== --- trunk/reactos/subsystems/win32/win32k/misc/registry.c [iso-8859-1] (original) +++ trunk/reactos/subsystems/win32/win32k/misc/registry.c [iso-8859-1] Fri Mar 25 22:34:53 2011 @@ -58,7 +58,7 @@ ULONG cbInfoSize, cbDataSize; /* Check if the local buffer is sufficient */ - cbInfoSize = sizeof(KEY_VALUE_PARTIAL_INFORMATION) + *pcbValue; + cbInfoSize = FIELD_OFFSET(KEY_VALUE_PARTIAL_INFORMATION, Data) + *pcbValue; if (cbInfoSize<= sizeof(ajBuffer)) { pInfo = (PVOID)ajBuffer; @@ -89,8 +89,11 @@ /* Did we get the right type */ if (pInfo->Type == ulType) { - /* Copy the contents to the caller */ - RtlCopyMemory(pvData, pInfo->Data, min(*pcbValue, cbDataSize)); + /* Copy the contents to the caller. Make sure strings are null terminated */ + if (ulType == REG_SZ || ulType == REG_MULTI_SZ || ulType == REG_EXPAND_SZ) + RtlStringCbCopyNW((LPWSTR)pvData, *pcbValue, (LPWSTR)pInfo->Data, cbDataSize); + else + RtlCopyMemory(pvData, pInfo->Data, cbDataSize); } else Status = STATUS_OBJECT_TYPE_MISMATCH;
_______________________________________________ Ros-dev mailing list [email protected] http://www.reactos.org/mailman/listinfo/ros-dev
