r23782 by jghali - Fix potential buffer overrun in GS detection code on Windows

Mon, 11 May 2020 15:57:00 -0700 

Author: jghali
Date: Mon May 11 22:56:03 2020
New Revision: 23782

URL: http://scribus.net/websvn/listing.php?repname=Scribus&sc=1&rev=23782
Log:
Fix potential buffer overrun in GS detection code on Windows

Modified:
    branches/Version14x/Scribus/scribus/util_ghostscript.cpp

Modified: branches/Version14x/Scribus/scribus/util_ghostscript.cpp
URL: 
http://scribus.net/websvn/diff.php?repname=Scribus&rev=23782&path=/branches/Version14x/Scribus/scribus/util_ghostscript.cpp
==============================================================================
--- branches/Version14x/Scribus/scribus/util_ghostscript.cpp    (original)
+++ branches/Version14x/Scribus/scribus/util_ghostscript.cpp    Mon May 11 
22:56:03 2020
@@ -349,13 +349,13 @@
        QMap<int, QString> gsVersions;
 #if defined _WIN32
        // Try to locate GhostScript thanks to the registry
-       DWORD size;
+       DWORD size, regVersionSize;
        HKEY hKey1, hKey2;
        DWORD regType = REG_SZ;
        REGSAM flags  = KEY_READ;
-       WCHAR regVersion[MAX_PATH];
-       WCHAR regPath[MAX_PATH];
-       WCHAR gsPath[MAX_PATH];
+       WCHAR regVersion[MAX_PATH] = {};
+       WCHAR regPath[MAX_PATH] = {};
+       WCHAR gsPath[MAX_PATH] = {};
        QString gsVersion, gsExeName, gsName;
 
        bool isWin64Api = false;
@@ -372,9 +372,9 @@
 
        if (RegOpenKeyExW(HKEY_LOCAL_MACHINE, (LPCWSTR) regKey.utf16(), 0, 
flags, &hKey1) == ERROR_SUCCESS)
        {
-               size = sizeof(regVersion)/sizeof(WCHAR) - 1;
+               regVersionSize = sizeof(regVersion) / sizeof(WCHAR) - 1;
                DWORD keyIndex = 0;
-               while (RegEnumKeyExW(hKey1, keyIndex, regVersion, &size, NULL, 
NULL, NULL, NULL) == ERROR_SUCCESS)
+               while (RegEnumKeyExW(hKey1, keyIndex, regVersion, 
&regVersionSize, NULL, NULL, NULL, NULL) == ERROR_SUCCESS)
                {
                        int gsNumericVer, gsMajor, gsMinor;
                        wcscpy(regPath, (const wchar_t*) regKey.utf16());
@@ -382,7 +382,7 @@
                        wcscat(regPath, regVersion);
                        if (RegOpenKeyExW(HKEY_LOCAL_MACHINE, regPath, 0, 
flags, &hKey2) == ERROR_SUCCESS)
                        {
-                               size = sizeof(gsPath) - 1;
+                               size = sizeof(gsPath) - 2;
                                if (RegQueryValueExW(hKey2, L"GS_DLL", 0, 
&regType, (LPBYTE) gsPath, &size) == ERROR_SUCCESS)
                                {
                                        // We now have GhostScript dll path, 
but we want gswin32c.exe


_______________________________________________
scribus-commit mailing list
[email protected]
http://lists.scribus.net/mailman/listinfo/scribus-commit

Reply via email to