[ros-diffs] [reactos] 01/01: [REGEDIT] Fix possible buffer overflow

Tue, 13 Sep 2022 11:49:59 -0700 

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=c8f4e4de62ce0e11fbd687794655027b83ec6b7e

commit c8f4e4de62ce0e11fbd687794655027b83ec6b7e
Author:     Mark Jansen <mark.jan...@reactos.org>
AuthorDate: Sat Aug 27 14:45:42 2022 +0200
Commit:     Mark Jansen <mark.jan...@reactos.org>
CommitDate: Tue Sep 13 20:49:00 2022 +0200

    [REGEDIT] Fix possible buffer overflow
---
 base/applications/regedit/find.c | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/base/applications/regedit/find.c b/base/applications/regedit/find.c
index 17de9b9b147..7dfe62f996c 100644
--- a/base/applications/regedit/find.c
+++ b/base/applications/regedit/find.c
@@ -32,7 +32,7 @@ static BOOL s_bAbort;
 
 static DWORD s_dwFlags;
 static WCHAR s_szName[MAX_PATH];
-static DWORD s_cbName;
+static DWORD s_cchName;
 static const WCHAR s_empty[] = L"";
 static const WCHAR s_backslash[] = L"\\";
 
@@ -174,8 +174,8 @@ BOOL RegFindRecurse(
         if (DoEvents())
             goto err;
 
-        s_cbName = MAX_PATH * sizeof(WCHAR);
-        lResult = RegEnumValueW(hSubKey, i, s_szName, &s_cbName, NULL, NULL,
+        s_cchName = _countof(s_szName);
+        lResult = RegEnumValueW(hSubKey, i, s_szName, &s_cchName, NULL, NULL,
                                NULL, &cb);
         if (lResult == ERROR_NO_MORE_ITEMS)
         {
@@ -184,7 +184,7 @@ BOOL RegFindRecurse(
         }
         if (lResult != ERROR_SUCCESS)
             goto err;
-        if (s_cbName >= MAX_PATH * sizeof(WCHAR))
+        if (s_cchName >= _countof(s_szName))
             continue;
 
         ppszNames[i] = _wcsdup(s_szName);
@@ -267,8 +267,8 @@ BOOL RegFindRecurse(
         if (DoEvents())
             goto err;
 
-        s_cbName = MAX_PATH * sizeof(WCHAR);
-        lResult = RegEnumKeyExW(hSubKey, i, s_szName, &s_cbName, NULL, NULL,
+        s_cchName = _countof(s_szName);
+        lResult = RegEnumKeyExW(hSubKey, i, s_szName, &s_cchName, NULL, NULL,
                                NULL, NULL);
         if (lResult == ERROR_NO_MORE_ITEMS)
         {
@@ -277,7 +277,7 @@ BOOL RegFindRecurse(
         }
         if (lResult != ERROR_SUCCESS)
             goto err;
-        if (s_cbName >= MAX_PATH * sizeof(WCHAR))
+        if (s_cchName >= _countof(s_szName))
             continue;
 
         ppszNames[i] = _wcsdup(s_szName);
@@ -416,8 +416,8 @@ BOOL RegFindWalk(
             if (DoEvents())
                 goto err;
 
-            s_cbName = MAX_PATH * sizeof(WCHAR);
-            lResult = RegEnumKeyExW(hSubKey, i, s_szName, &s_cbName,
+            s_cchName = _countof(s_szName);
+            lResult = RegEnumKeyExW(hSubKey, i, s_szName, &s_cchName,
                                     NULL, NULL, NULL, NULL);
             if (lResult == ERROR_NO_MORE_ITEMS)
             {

Reply via email to