[ros-diffs] [rmessiant] 50135: [WIN32K] - IntCreateWindow: Fill out MaximumLength field of the window name. Fixes potential buffer overflow in at least NtUserDefSetText.
rmessiant at svn.reactos.org
rmessiant at svn.reactos.org
Sat Dec 25 05:27:02 UTC 2010
Author: rmessiant
Date: Sat Dec 25 05:27:01 2010
New Revision: 50135
URL: http://svn.reactos.org/svn/reactos?rev=50135&view=rev
Log:
[WIN32K]
- IntCreateWindow: Fill out MaximumLength field of the window name. Fixes potential buffer overflow in at least NtUserDefSetText.
Modified:
trunk/reactos/subsystems/win32/win32k/ntuser/window.c
Modified: trunk/reactos/subsystems/win32/win32k/ntuser/window.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/ntuser/window.c?rev=50135&r1=50134&r2=50135&view=diff
==============================================================================
--- trunk/reactos/subsystems/win32/win32k/ntuser/window.c [iso-8859-1] (original)
+++ trunk/reactos/subsystems/win32/win32k/ntuser/window.c [iso-8859-1] Sat Dec 25 05:27:01 2010
@@ -1759,6 +1759,7 @@
RtlCopyMemory(pWnd->strName.Buffer, WindowName->Buffer, WindowName->Length);
pWnd->strName.Buffer[WindowName->Length / sizeof(WCHAR)] = L'\0';
pWnd->strName.Length = WindowName->Length;
+ pWnd->strName.MaximumLength = WindowName->Length + sizeof(UNICODE_NULL);
}
/* Correct the window style. */
More information about the Ros-diffs
mailing list