https://git.reactos.org/?p=reactos.git;a=commitdiff;h=f3506ee626bc2c32bb38a06011c7616ae2c93459

commit f3506ee626bc2c32bb38a06011c7616ae2c93459
Author:     Hervé Poussineau <hpous...@reactos.org>
AuthorDate: Mon Sep 12 22:59:49 2022 +0200
Commit:     Hervé Poussineau <hpous...@reactos.org>
CommitDate: Fri Sep 23 23:07:26 2022 +0200

    [SHELL32] Prevent use after free
    
    'buffer' is local to the function, while m_sPath is a class instance
    member, so the pointer stored in m_sPath outlives the buffer it points to.
    Fix that by calling the IShellLink::Resolve() function, which will allocate
    and fill the m_sPath variable.
    
    CORE-15229
---
 dll/win32/shell32/CShellLink.cpp | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/dll/win32/shell32/CShellLink.cpp b/dll/win32/shell32/CShellLink.cpp
index 209961454e8..7ad91f5c2d9 100644
--- a/dll/win32/shell32/CShellLink.cpp
+++ b/dll/win32/shell32/CShellLink.cpp
@@ -2735,12 +2735,9 @@ LPWSTR SH_GetTargetTypeByPath(LPCWSTR lpcwFullPath)
 
 BOOL CShellLink::OnInitDialog(HWND hwndDlg, HWND hwndFocus, LPARAM lParam)
 {
-    WCHAR buffer[MAX_PATH];
-
     TRACE("CShellLink::OnInitDialog(hwnd %p hwndFocus %p lParam %p)\n", 
hwndDlg, hwndFocus, lParam);
 
-    if (m_pPidl && SHGetPathFromIDListW(m_pPidl, buffer))
-        m_sPath = buffer;
+    Resolve(0, SLR_NO_UI | SLR_NOUPDATE | SLR_NOSEARCH | SLR_NOTRACK);
 
     TRACE("m_sArgs: %S sComponent: %S m_sDescription: %S m_sIcoPath: %S 
m_sPath: %S m_sPathRel: %S sProduct: %S m_sWorkDir: %S\n", m_sArgs, sComponent, 
m_sDescription,
           m_sIcoPath, m_sPath, m_sPathRel, sProduct, m_sWorkDir);
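Review bot: The HRESULT from the new `Resolve(0, SLR_NO_UI | SLR_NOUPDATE | SLR_NOSEARCH | SLR_NOTRACK);` call is discarded, so a failed resolve is indistinguishable from a successful one. The removed code left m_sPath unchanged when the PIDL was missing or the lookup failed; what Resolve() does to m_sPath on failure is not visible in this hunk, and the following TRACE and the rest of the dialog setup read it unconditionally. I would capture and log the result, for example `HRESULT hr = Resolve(0, SLR_NO_UI | SLR_NOUPDATE | SLR_NOSEARCH | SLR_NOTRACK);` followed by `if (FAILED(hr)) WARN("Resolve failed (hr 0x%08lx)\n", hr);`. It is also worth confirming that later code tolerates an empty or NULL m_sPath. A short comment such as `/* Resolve() allocates m_sPath itself; never point it at a stack buffer */` would record why the local buffer was dropped. OnInitDialog continues past the end of the hunk, so the later uses of m_sPath are not shown here.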
