[glib: 1/2] gwin32packageparser: Fix read past end of buffer




commit 032eceb9a1f61ea229b681fe769336e15541d4b5
Author: Jonathan Boeing <jonathan claws-mail org>
Date:   Wed Aug 4 08:55:13 2021 -0700

    gwin32packageparser: Fix read past end of buffer
    
    g_win32_package_parser_enum_packages() reads beyond the end of a buffer
    when doing a memcpy.  With app verifier enabled on Windows, it causes
    the application to crash on startup.
    
    This change limits the memcpy to the size of the source string.
    
    Fixes: #2454

 gio/gwin32packageparser.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
---
diff --git a/gio/gwin32packageparser.c b/gio/gwin32packageparser.c
index ad5302270..ee05bb1dd 100755
--- a/gio/gwin32packageparser.c
+++ b/gio/gwin32packageparser.c
@@ -390,7 +390,7 @@ g_win32_package_parser_enum_packages (GWin32PackageParserCallback   callback,
       wcs_path = LoadedWindowsGetStringRawBuffer (path, NULL);
       manifest_filename_size = wcslen (wcs_path) + wcslen (bslash_appmanifest);
       manifest_filename = g_new (wchar_t, manifest_filename_size + 1);
-      memcpy (manifest_filename, wcs_path, manifest_filename_size * sizeof (wchar_t));
+      memcpy (manifest_filename, wcs_path, wcslen (wcs_path) * sizeof (wchar_t));
       memcpy (&manifest_filename[wcslen (wcs_path)], bslash_appmanifest, (wcslen (bslash_appmanifest) + 1) * sizeof (wchar_t));
 
       memset (sax, 0, sizeof (*sax));
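Review bot: The length of wcs_path is still recomputed with wcslen() three times in this hunk (the size sum, the corrected memcpy length, and the destination index of the second memcpy), so the allocation size and the copy bounds are only kept in agreement by hand. That is the same arrangement that allowed the over-read this commit fixes. Computing it once, `size_t path_len = wcslen (wcs_path);`, and using `path_len` in the size sum, in `memcpy (manifest_filename, wcs_path, path_len * sizeof (wchar_t));` and in `&manifest_filename[path_len]` would tie every bound to the source buffer. If LoadedWindowsGetStringRawBuffer forwards to WindowsGetStringRawBuffer, its second argument could return the length instead of being passed NULL; that depends on the loader declaration, which is not visible here. The body of g_win32_package_parser_enum_packages starts and ends outside the hunk.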

