[ros-diffs] [reactos] 01/01: [SHELL32] SHELL_ArgifyW(): don't use SearchPathW() for receiving a path to a file (#7605)

Fri, 10 Jan 2025 11:46:08 -0800 

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=e5a6b0f8e572ee1872b987ad7d10418eac073cdf

commit e5a6b0f8e572ee1872b987ad7d10418eac073cdf
Author:     Oleg Dubinskiy <[email protected]>
AuthorDate: Fri Jan 10 20:45:43 2025 +0100
Commit:     GitHub <[email protected]>
CommitDate: Fri Jan 10 20:45:43 2025 +0100

    [SHELL32] SHELL_ArgifyW(): don't use SearchPathW() for receiving a path to 
a file (#7605)
    
    Get rid from bogus SearchPathW() call, which is marked as most likely not 
needed in the comment above (by Wine). Simply get a length of the file name and 
use the file name directly instead, with checking for its validity too. 
Similarly as it's done for other cases.
    That call seems actually not needed because it is already done using 
SearchPathW() in another parts of the code in this file, before calling 
SHELL_ArgifyW().
    Fixes another heap corruption when trying to login via OAuth menthod in 
SpotifyXP 2.0.3 Beta (nightly build). The previous commit did not fix the bug 
fully, as I discovered it later.
    CORE-19953
---
 dll/win32/shell32/shlexec.cpp | 18 +++++-------------
 1 file changed, 5 insertions(+), 13 deletions(-)

diff --git a/dll/win32/shell32/shlexec.cpp b/dll/win32/shell32/shlexec.cpp
index 85c7feab0ff..f03db3de0e7 100644
--- a/dll/win32/shell32/shlexec.cpp
+++ b/dll/win32/shell32/shlexec.cpp
@@ -197,11 +197,9 @@ static void ParseTildeEffect(PWSTR &res, LPCWSTR &args, 
DWORD &len, DWORD &used,
 
 static BOOL SHELL_ArgifyW(WCHAR* out, DWORD len, const WCHAR* fmt, const 
WCHAR* lpFile, LPITEMIDLIST pidl, LPCWSTR args, DWORD* out_len, const WCHAR* 
lpDir)
 {
-    WCHAR   xlpFile[1024];
     BOOL    done = FALSE;
     BOOL    found_p1 = FALSE;
     PWSTR   res = out;
-    PCWSTR  cmd;
     DWORD   used = 0;
     bool    tildeEffect = false;
 
@@ -279,20 +277,14 @@ static BOOL SHELL_ArgifyW(WCHAR* out, DWORD len, const 
WCHAR* fmt, const WCHAR*
                 break;
 
                 case '1':
-                    if (!done || (*fmt == '1'))
+                    if ((!done || (*fmt == '1')) && lpFile)
                     {
-                        /*FIXME Is the call to SearchPathW() really needed? We 
already have separated out the parameter string in args. */
-                        if (SearchPathW(lpDir, lpFile, L".exe", 
ARRAY_SIZE(xlpFile), xlpFile, NULL))
-                            cmd = xlpFile;
-                        else
-                            cmd = lpFile;
-
-                        SIZE_T cmdlen = wcslen(cmd);
-                        used += cmdlen;
+                        SIZE_T filelen = wcslen(lpFile);
+                        used += filelen;
                         if (used < len)
                         {
-                            wcscpy(res, cmd);
-                            res += cmdlen;
+                            wcscpy(res, lpFile);
+                            res += filelen;
                         }
                     }
                     found_p1 = TRUE;

Reply via email to