From c61ae4d19028aff3c8675f6ae0e12a9d7a44440e Mon Sep 17 00:00:00 2001 From: Vadim Zeitlin Date: Sun, 2 Mar 2014 15:50:17 +0000 Subject: [PATCH] Fix off by 1 error in buffer size in wxOSX wxDropTarget code. The size of the buffer used for the data currently needs to include an extra byte for the trailing NUL. This is wrong, as it means that GetDataSize() and GetDataHere() behaviour is not consistent, but at least avoid overrunning the buffer for now. Also use wxCharBuffer instead of raw char array to make the code safer (both because it releases the memory automatically and because it also adds an extra byte for the trailing NUL automatically as well, making such bugs impossible). See #15914. git-svn-id: https://svn.wxwidgets.org/svn/wx/wxWidgets/branches/WX_3_0_BRANCH@76050 c3d73ce0-8a6f-49c7-b76d-6d57e0e08775 --- docs/changes.txt | 1 + src/osx/dnd_osx.cpp | 7 +++---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/changes.txt b/docs/changes.txt index e9f8b2de11..173869152d 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -639,6 +639,7 @@ wxMSW: wxOSX: +- Fix buffer overrun in drag-and-drop code (Kristian Duske). - Fix incorrect joystick detection in configure (Lauri Nurmi). - Fix crash in wxDataViewCtrl when cancelling choice selection (hartwigw). - Implement support for wxGA_VERTICAL in wxGauge (themindiswatching). diff --git a/src/osx/dnd_osx.cpp b/src/osx/dnd_osx.cpp index ab6f153b53..4170c5a5cf 100644 --- a/src/osx/dnd_osx.cpp +++ b/src/osx/dnd_osx.cpp @@ -129,10 +129,9 @@ bool wxDropTarget::GetData() } else { - char *d = new char[size]; - data->GetDataHere( format, (void*)d ); - m_dataObject->SetData( format, size, d ); - delete [] d; + wxCharBuffer d(size); + data->GetDataHere( format, d.data() ); + m_dataObject->SetData( format, size, d.data() ); } } }