[ros-diffs] [fireball] 56888: [EXPLORER_NEW] - Fix possible buffer overflow: ExpandEnvironmentStrings wants character count size of a buffer, not byte sized. Spotted by Thomas Faber. See issue #6053 for more d...

[fireball]

Author: fireball
Date: Sat Jul 14 12:02:19 2012
New Revision: 56888

URL: http://svn.reactos.org/svn/reactos?rev=56888&view=rev
Log:
[EXPLORER_NEW]
- Fix possible buffer overflow: ExpandEnvironmentStrings wants character count 
size of a buffer, not byte sized. Spotted by Thomas Faber.
See issue #6053 for more details.

Modified:
    trunk/reactos/base/shell/explorer/services/startup.c

Modified: trunk/reactos/base/shell/explorer/services/startup.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/base/shell/explorer/services/startup.c?rev=56888&r1=56887&r2=56888&view=diff
==============================================================================
--- trunk/reactos/base/shell/explorer/services/startup.c [iso-8859-1] (original)
+++ trunk/reactos/base/shell/explorer/services/startup.c [iso-8859-1] Sat Jul 
14 12:02:19 2012
@@ -245,7 +245,7 @@
     DWORD exit_code=0;
     WCHAR szCmdLineExp[MAX_PATH+1]= L"\0";
 
-    ExpandEnvironmentStrings(cmdline, szCmdLineExp, sizeof(szCmdLineExp));
+    ExpandEnvironmentStringsW(cmdline, szCmdLineExp, sizeof(szCmdLineExp) / 
sizeof(WCHAR));
 
     memset(&si, 0, sizeof(si));
     si.cb=sizeof(si);