Author: tfaber
Date: Mon Oct 5 09:17:21 2015
New Revision: 69455
URL: http://svn.reactos.org/svn/reactos?rev=69455&view=rev
Log:
[RAPPS]
- Fix buffer overflow when displaying the URL in download dialog
Modified:
trunk/reactos/base/applications/rapps/loaddlg.c
Modified: trunk/reactos/base/applications/rapps/loaddlg.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/base/applications/rapps/loaddlg.c?rev=69455&r1=69454&r2=69455&view=diff
==============================================================================
--- trunk/reactos/base/applications/rapps/loaddlg.c [iso-8859-1] (original)
+++ trunk/reactos/base/applications/rapps/loaddlg.c [iso-8859-1] Mon Oct 5
09:17:21 2015
@@ -143,27 +143,28 @@
Item = GetDlgItem(This->hDialog, IDC_DOWNLOAD_STATUS);
if (Item && szStatusText && wcslen(szStatusText) > 0 &&
This->UrlHasBeenCopied == FALSE)
{
- DWORD len = wcslen(szStatusText) * sizeof(WCHAR);
- PWSTR buf = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, len);
+ DWORD len = wcslen(szStatusText) + 1;
+ PWSTR buf = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, len *
sizeof(WCHAR));
if (buf)
{
/* beautify our url for display purposes */
InternetCanonicalizeUrl(szStatusText, buf, &len, ICU_DECODE |
ICU_NO_ENCODE);
-
- /* paste it into our dialog, free the temp buffer
- and don't do it again in this instance */
- SendMessageW(Item, WM_SETTEXT, 0, (LPARAM)buf);
+ }
+ else
+ {
+ /* just use the original */
+ buf = (PWSTR)szStatusText;
+ }
+
+ /* paste it into our dialog and don't do it again in this instance */
+ SendMessageW(Item, WM_SETTEXT, 0, (LPARAM)buf);
+ This->UrlHasBeenCopied = TRUE;
+
+ if (buf != szStatusText)
+ {
HeapFree(GetProcessHeap(), 0, buf);
}
- else
- {
- /* our computer is old and rusty and does not have enough ram for
this,
- use the ugly version and call it a day */
- SendMessageW(Item, WM_SETTEXT, 0, (LPARAM)szStatusText);
- }
-
- This->UrlHasBeenCopied = TRUE;
}
SetLastError(0);
