Re: [ros-dev] [ros-diffs] [khornicek] 62665: [MAIN] - fix a copypasta - fix a possible buffer overrun (x5) - fix a negative array index access

[Kamil Hornicek]

There's too many of these and I personally don't want to introduce more 
bugs (confusing src and dest etc) because there's no way I can properly 
test all of them. Maybe someone would pick this up if we offered to pay 
for it.

K.
Dne 6.4.2014 18:53, Thomas Faber napsal(a):
You guys should consider replacing that stuff with strsafe functions
while you're at it ;)


On 2014-04-06 18:45, khorni...@svn.reactos.org wrote:
Author: khornicek
Date: Sun Apr  6 16:45:21 2014
New Revision: 62665

URL: http://svn.reactos.org/svn/reactos?rev=62665&view=rev
Log:
[MAIN]
- fix a copypasta
- fix a possible buffer overrun (x5)
- fix a negative array index access

Modified:
     trunk/reactos/dll/cpl/main/mouse.c

Modified: trunk/reactos/dll/cpl/main/mouse.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/cpl/main/mouse.c?rev=62665&r1=62664&r2=62665&view=diff
==============================================================================
--- trunk/reactos/dll/cpl/main/mouse.c  [iso-8859-1] (original)
+++ trunk/reactos/dll/cpl/main/mouse.c  [iso-8859-1] Sun Apr  6 16:45:21 2014
@@ -499,7 +499,7 @@
                  /* Remove quotation marks */
                  if (szTempData[0] == _T('"'))
                  {
-                    lpStart = szValueData + 1;
+                    lpStart = szTempData + 1;
                      szTempData[_tcslen(szTempData) - 1] = 0;
                  }
                  else
@@ -1022,9 +1022,9 @@
  static VOID
  LoadInitialCursorScheme(HWND hwndDlg)
  {
-    TCHAR szSchemeName[256];
-    TCHAR szSystemScheme[256];
-    TCHAR szCursorPath[256];
+    TCHAR szSchemeName[MAX_PATH];
+    TCHAR szSystemScheme[MAX_PATH];
+    TCHAR szCursorPath[MAX_PATH];
      HKEY hCursorKey;
      LONG lError;
      DWORD dwDataSize;
@@ -1057,7 +1057,7 @@

      if (dwSchemeSource != 0)
      {
-        dwDataSize = 256 * sizeof(TCHAR);
+        dwDataSize = MAX_PATH * sizeof(TCHAR);
          lError = RegQueryValueEx(hCursorKey,
                                   NULL,
                                   NULL,
@@ -1101,8 +1101,8 @@
      else if (dwSchemeSource == 2)
      {
          LoadString(hApplet, IDS_SYSTEM_SCHEME, szSystemScheme, MAX_PATH);
-        _tcscat(szSchemeName, _T(" "));
-        _tcscat(szSchemeName, szSystemScheme);
+        _tcsncat(szSchemeName, _T(" "), MAX_PATH - _tcslen(szSchemeName));
+        _tcsncat(szSchemeName, szSystemScheme, MAX_PATH - 
_tcslen(szSchemeName));
      }

      /* Search and select the curent scheme name from the scheme list */
@@ -1276,6 +1276,10 @@
                      {
                          case LBN_SELCHANGE:
                              nSel = SendMessage((HWND)lParam, LB_GETCURSEL, 0, 
0);
+
+                            if(nSel == LB_ERR)
+                                break;
+
                              SendDlgItemMessage(hwndDlg, 
IDC_IMAGE_CURRENT_CURSOR, STM_SETIMAGE, IMAGE_CURSOR,
                                                 
(LPARAM)g_CursorData[nSel].hCursor);
                              
EnableWindow(GetDlgItem(hwndDlg,IDC_BUTTON_USE_DEFAULT_CURSOR),




_______________________________________________
Ros-dev mailing list
Ros-dev@reactos.org
http://www.reactos.org/mailman/listinfo/ros-dev

_______________________________________________
Ros-dev mailing list
Ros-dev@reactos.org
http://www.reactos.org/mailman/listinfo/ros-dev