You guys should consider replacing that stuff with strsafe functions while you're at it ;)
On 2014-04-06 18:45, khorni...@svn.reactos.org wrote: > Author: khornicek > Date: Sun Apr 6 16:45:21 2014 > New Revision: 62665 > > URL: http://svn.reactos.org/svn/reactos?rev=62665&view=rev > Log: > [MAIN] > - fix a copypasta > - fix a possible buffer overrun (x5) > - fix a negative array index access > > Modified: > trunk/reactos/dll/cpl/main/mouse.c > > Modified: trunk/reactos/dll/cpl/main/mouse.c > URL: > http://svn.reactos.org/svn/reactos/trunk/reactos/dll/cpl/main/mouse.c?rev=62665&r1=62664&r2=62665&view=diff > ============================================================================== > --- trunk/reactos/dll/cpl/main/mouse.c [iso-8859-1] (original) > +++ trunk/reactos/dll/cpl/main/mouse.c [iso-8859-1] Sun Apr 6 > 16:45:21 2014 > @@ -499,7 +499,7 @@ > /* Remove quotation marks */ > if (szTempData[0] == _T('"')) > { > - lpStart = szValueData + 1; > + lpStart = szTempData + 1; > szTempData[_tcslen(szTempData) - 1] = 0; > } > else > @@ -1022,9 +1022,9 @@ > static VOID > LoadInitialCursorScheme(HWND hwndDlg) > { > - TCHAR szSchemeName[256]; > - TCHAR szSystemScheme[256]; > - TCHAR szCursorPath[256]; > + TCHAR szSchemeName[MAX_PATH]; > + TCHAR szSystemScheme[MAX_PATH]; > + TCHAR szCursorPath[MAX_PATH]; > HKEY hCursorKey; > LONG lError; > DWORD dwDataSize; > @@ -1057,7 +1057,7 @@ > > if (dwSchemeSource != 0) > { > - dwDataSize = 256 * sizeof(TCHAR); > + dwDataSize = MAX_PATH * sizeof(TCHAR); > lError = RegQueryValueEx(hCursorKey, > NULL, > NULL, > @@ -1101,8 +1101,8 @@ > else if (dwSchemeSource == 2) > { > LoadString(hApplet, IDS_SYSTEM_SCHEME, szSystemScheme, MAX_PATH); > - _tcscat(szSchemeName, _T(" ")); > - _tcscat(szSchemeName, szSystemScheme); > + _tcsncat(szSchemeName, _T(" "), MAX_PATH - _tcslen(szSchemeName)); > + _tcsncat(szSchemeName, szSystemScheme, MAX_PATH - > _tcslen(szSchemeName)); > } > > /* Search and select the curent scheme name from the scheme list */ > @@ -1276,6 +1276,10 @@ > { > case LBN_SELCHANGE: > nSel = SendMessage((HWND)lParam, LB_GETCURSEL, > 0, 0); > + > + if(nSel == LB_ERR) > + break; > + > SendDlgItemMessage(hwndDlg, > IDC_IMAGE_CURRENT_CURSOR, STM_SETIMAGE, IMAGE_CURSOR, > > (LPARAM)g_CursorData[nSel].hCursor); > > EnableWindow(GetDlgItem(hwndDlg,IDC_BUTTON_USE_DEFAULT_CURSOR), > > _______________________________________________ Ros-dev mailing list Ros-dev@reactos.org http://www.reactos.org/mailman/listinfo/ros-dev
