Amebis/wxWidgets
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix buffer overflow in wxURLDataObject.

Browse Source 
The code in CFSTR_SHELLURLDataObject::GetDataHere() was confused by
ANSI/Unicode and ended up overwriting output buffer because of it. Moreover,
this function was actually completely unnecessary as the base class version
did work correctly.

Closes #11102 (thanks to Tim Kosse).

git-svn-id: https://svn.wxwidgets.org/svn/wx/wxWidgets/trunk@61788 c3d73ce0-8a6f-49c7-b76d-6d57e0e08775
This commit is contained in:
Vadim Zeitlin
2009-08-30 17:25:42 +00:00
parent cd67a80a9a
commit 791f7574a0
2 changed files with 38 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
src/msw/ole/dataobj.cpp
View File

@@ -1182,23 +1182,6 @@ public:
return buffer;
}
#if wxUSE_UNICODE
virtual bool GetDataHere( void* buffer ) const
{
// CFSTR_SHELLURL is _always_ ANSI!
wxCharBuffer char_buffer( GetDataSize() );
wxCustomDataObject::GetDataHere( (void*)char_buffer.data() );
wxString unicode_buffer( char_buffer, wxConvLibc );
memcpy( buffer, unicode_buffer.c_str(),
( unicode_buffer.length() + 1 ) * sizeof(wxChar) );
return true;
}
virtual bool GetDataHere(const wxDataFormat& WXUNUSED(format),
void *buf) const
{ return GetDataHere(buf); }
#endif
wxDECLARE_NO_COPY_CLASS(CFSTR_SHELLURLDataObject);
};
@@ -1236,9 +1219,28 @@ wxString wxURLDataObject::GetURL() const
wxString url;
wxCHECK_MSG( m_dataObjectLast, url, wxT("no data in wxURLDataObject") );
size_t len = m_dataObjectLast->GetDataSize();
if ( m_dataObjectLast->GetPreferredFormat() == CFSTR_SHELLURL )
{
const size_t len = m_dataObjectLast->GetDataSize();
if ( !len )
return wxString();
m_dataObjectLast->GetDataHere(wxStringBuffer(url, len));
// CFSTR_SHELLURL is always ANSI so we need to convert it from it in
// Unicode build
#if wxUSE_UNICODE
wxCharBuffer buf(len);
if ( m_dataObjectLast->GetDataHere(buf.data()) )
url = buf;
#else // !wxUSE_UNICODE
// in ANSI build no conversion is necessary
m_dataObjectLast->GetDataHere(wxStringBuffer(url, len));
#endif // wxUSE_UNICODE/!wxUSE_UNICODE
}
else // must be wxTextDataObject
{
url = static_cast<wxTextDataObject *>(m_dataObjectLast)->GetText();
}
return url;
}