Amebis/wxWidgets
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Guard against invalid string values of length 1 in wxRegKey

Browse Source 
It is not really clear if it can happen, but avoid integer underflow in case
it somehow does and just discard the single byte which can't represent a valid
UTF-16 character anyhow.

See #16719.
This commit is contained in:
Steffen Olszewski
2016-01-30 00:45:40 +01:00
committed by Vadim Zeitlin
parent 142edf8b78
commit d00fef689f
1 changed files with 3 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/msw/registry.cpp
View File

@@ -1023,7 +1023,9 @@ bool wxRegKey::QueryValue(const wxString& szValue,
return false; return false;
} }
if ( !dwSize ) // We need length in characters, not bytes.
DWORD chars = dwSize / sizeof(wxChar);
if ( !chars )
{ {
// must treat this case specially as GetWriteBuf() doesn't like // must treat this case specially as GetWriteBuf() doesn't like
// being called with 0 size // being called with 0 size
@@ -1033,9 +1035,6 @@ bool wxRegKey::QueryValue(const wxString& szValue,
{ {
// extra scope for wxStringBufferLength // extra scope for wxStringBufferLength
{ {
// We need length in characters, not bytes.
DWORD chars = dwSize / sizeof(wxChar);
wxStringBufferLength strBuf(strValue, chars); wxStringBufferLength strBuf(strValue, chars);
m_dwLastError = RegQueryValueEx((HKEY) m_hKey, m_dwLastError = RegQueryValueEx((HKEY) m_hKey,
RegValueStr(szValue), RegValueStr(szValue),