Fierelier/notepad-plus-plus-legacy
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[EU-FOSSA] Fix stack buffer overflow on wsprintf in WordStyle dialog

Browse Source 
Also remove dynamic allocation for CB_GETLBTEXT and use local array instead by controlling buffer size.
This commit is contained in:
Don HO 2019-02-09 03:28:52 +01:00
parent 0438447194
commit 58037e07b1
4 changed files with 46 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
PowerEditor/src/ScitillaComponent/FindReplaceDlg.cpp
View File

@ -401,6 +401,7 @@ void FindReplaceDlg::saveFindHistory()
int FindReplaceDlg::saveComboHistory(int id, int maxcount, vector<generic_string> & strings, bool saveEmpty) int FindReplaceDlg::saveComboHistory(int id, int maxcount, vector<generic_string> & strings, bool saveEmpty)
{ {
TCHAR text[FINDREPLACE_MAXLENGTH];
HWND hCombo = ::GetDlgItem(_hSelf, id); HWND hCombo = ::GetDlgItem(_hSelf, id);
int count = static_cast<int32_t>(::SendMessage(hCombo, CB_GETCOUNT, 0, 0)); int count = static_cast<int32_t>(::SendMessage(hCombo, CB_GETCOUNT, 0, 0));
count = min(count, maxcount); count = min(count, maxcount);
@ -421,11 +422,11 @@ int FindReplaceDlg::saveComboHistory(int id, int maxcount, vector<generic_string
for (int i = 0 ; i < count ; ++i) for (int i = 0 ; i < count ; ++i)
{ {
auto cbTextLen = ::SendMessage(hCombo, CB_GETLBTEXTLEN, i, 0); auto cbTextLen = ::SendMessage(hCombo, CB_GETLBTEXTLEN, i, 0);
TCHAR * text = new TCHAR[cbTextLen + 1]; if (cbTextLen <= FINDREPLACE_MAXLENGTH - 1)
{
::SendMessage(hCombo, CB_GETLBTEXT, i, reinterpret_cast<LPARAM>(text)); ::SendMessage(hCombo, CB_GETLBTEXT, i, reinterpret_cast<LPARAM>(text));
strings.push_back(generic_string(text)); strings.push_back(generic_string(text));
delete[] text; }
} }
return count; return count;
} }

25
PowerEditor/src/ScitillaComponent/UserDefineDialog.cpp
View File

@ -1139,8 +1139,12 @@ INT_PTR CALLBACK UserDefineDialog::run_dlgProc(UINT message, WPARAM wParam, LPAR
if (result == IDYES) if (result == IDYES)
{ {
auto i = ::SendDlgItemMessage(_hSelf, IDC_LANGNAME_COMBO, CB_GETCURSEL, 0, 0); auto i = ::SendDlgItemMessage(_hSelf, IDC_LANGNAME_COMBO, CB_GETCURSEL, 0, 0);
auto cbTextLen = ::SendMessage(_hSelf, CB_GETLBTEXTLEN, i, 0); const size_t langNameLen = 256;
TCHAR * langName = new TCHAR[cbTextLen + 1]; TCHAR langName[langNameLen + 1];
auto cbTextLen = ::SendDlgItemMessage(_hSelf, IDC_LANGNAME_COMBO, CB_GETLBTEXTLEN, i, 0);
if (cbTextLen > langNameLen)
return TRUE;
::SendDlgItemMessage(_hSelf, IDC_LANGNAME_COMBO, CB_GETLBTEXT, i, reinterpret_cast<LPARAM>(langName)); ::SendDlgItemMessage(_hSelf, IDC_LANGNAME_COMBO, CB_GETLBTEXT, i, reinterpret_cast<LPARAM>(langName));
//remove current language from combobox //remove current language from combobox
@ -1158,16 +1162,18 @@ INT_PTR CALLBACK UserDefineDialog::run_dlgProc(UINT message, WPARAM wParam, LPAR
::RemoveMenu(subMenu, static_cast<UINT>(IDM_LANG_USER + i), MF_BYCOMMAND); ::RemoveMenu(subMenu, static_cast<UINT>(IDM_LANG_USER + i), MF_BYCOMMAND);
::DrawMenuBar(hNpp); ::DrawMenuBar(hNpp);
::SendMessage(_hParent, WM_REMOVE_USERLANG, 0, reinterpret_cast<LPARAM>(langName)); ::SendMessage(_hParent, WM_REMOVE_USERLANG, 0, reinterpret_cast<LPARAM>(langName));
delete[] langName;
} }
return TRUE; return TRUE;
} }
case IDC_RENAME_BUTTON : case IDC_RENAME_BUTTON :
{ {
auto i = ::SendDlgItemMessage(_hSelf, IDC_LANGNAME_COMBO, CB_GETCURSEL, 0, 0); auto i = ::SendDlgItemMessage(_hSelf, IDC_LANGNAME_COMBO, CB_GETCURSEL, 0, 0);
const size_t langNameLen = 256;
TCHAR langName[langNameLen + 1];
auto cbTextLen = ::SendDlgItemMessage(_hSelf, IDC_LANGNAME_COMBO, CB_GETLBTEXTLEN, i, 0); auto cbTextLen = ::SendDlgItemMessage(_hSelf, IDC_LANGNAME_COMBO, CB_GETLBTEXTLEN, i, 0);
TCHAR * langName = new TCHAR[cbTextLen + 1]; if (cbTextLen > langNameLen)
return TRUE;
::SendDlgItemMessage(_hSelf, IDC_LANGNAME_COMBO, CB_GETLBTEXT, i, reinterpret_cast<LPARAM>(langName)); ::SendDlgItemMessage(_hSelf, IDC_LANGNAME_COMBO, CB_GETLBTEXT, i, reinterpret_cast<LPARAM>(langName));
StringDlg strDlg; StringDlg strDlg;
@ -1203,8 +1209,6 @@ INT_PTR CALLBACK UserDefineDialog::run_dlgProc(UINT message, WPARAM wParam, LPAR
::ModifyMenu(hSubM, static_cast<UINT>(IDM_LANG_USER + i), MF_BYCOMMAND, IDM_LANG_USER + i, newName); ::ModifyMenu(hSubM, static_cast<UINT>(IDM_LANG_USER + i), MF_BYCOMMAND, IDM_LANG_USER + i, newName);
::DrawMenuBar(hNpp); ::DrawMenuBar(hNpp);
::SendMessage(_hParent, WM_RENAME_USERLANG, reinterpret_cast<WPARAM>(newName), reinterpret_cast<LPARAM>(langName)); ::SendMessage(_hParent, WM_RENAME_USERLANG, reinterpret_cast<WPARAM>(newName), reinterpret_cast<LPARAM>(langName));
delete[] langName;
} }
return TRUE; return TRUE;
@ -1589,9 +1593,14 @@ INT_PTR CALLBACK StylerDlg::dlgProc(HWND hwnd, UINT message, WPARAM wParam, LPAR
auto i = ::SendDlgItemMessage(hwnd, LOWORD(wParam), CB_GETCURSEL, 0, 0); auto i = ::SendDlgItemMessage(hwnd, LOWORD(wParam), CB_GETCURSEL, 0, 0);
if (LOWORD(wParam) == IDC_STYLER_COMBO_FONT_SIZE) if (LOWORD(wParam) == IDC_STYLER_COMBO_FONT_SIZE)
{ {
TCHAR intStr[32];
if (i != 0) if (i != 0)
{ {
const size_t intStrLen = 3;
TCHAR intStr[intStrLen];
auto lbTextLen = ::SendDlgItemMessage(hwnd, LOWORD(wParam), CB_GETLBTEXTLEN, i, 0);
if (lbTextLen > intStrLen - 1)
return TRUE;
::SendDlgItemMessage(hwnd, LOWORD(wParam), CB_GETLBTEXT, i, reinterpret_cast<LPARAM>(intStr)); ::SendDlgItemMessage(hwnd, LOWORD(wParam), CB_GETLBTEXT, i, reinterpret_cast<LPARAM>(intStr));
if ((!intStr) || (!intStr[0])) if ((!intStr) || (!intStr[0]))
style._fontSize = -1; style._fontSize = -1;

14
PowerEditor/src/WinControls/ColourPicker/WordStyleDlg.cpp
View File

@ -543,10 +543,17 @@ void WordStyleDlg::updateFontSize()
Style & style = getCurrentStyler(); Style & style = getCurrentStyler();
auto iFontSizeSel = ::SendMessage(_hFontSizeCombo, CB_GETCURSEL, 0, 0); auto iFontSizeSel = ::SendMessage(_hFontSizeCombo, CB_GETCURSEL, 0, 0);
TCHAR intStr[32];
if (iFontSizeSel != 0) if (iFontSizeSel != 0)
{ {
const size_t intStrLen = 3;
TCHAR intStr[intStrLen];
auto lbTextLen = ::SendMessage(_hFontSizeCombo, CB_GETLBTEXTLEN, iFontSizeSel, 0);
if (lbTextLen >= intStrLen)
return;
::SendMessage(_hFontSizeCombo, CB_GETLBTEXT, iFontSizeSel, reinterpret_cast<LPARAM>(intStr)); ::SendMessage(_hFontSizeCombo, CB_GETLBTEXT, iFontSizeSel, reinterpret_cast<LPARAM>(intStr));
if (!intStr[0]) if (!intStr[0])
style._fontSize = STYLE_NOT_USED; style._fontSize = STYLE_NOT_USED;
else else
@ -783,9 +790,10 @@ void WordStyleDlg::setVisualFromStyleList()
//-- font size //-- font size
isEnable = false; isEnable = false;
TCHAR intStr[5] = TEXT(""); const size_t intStrLen = 3;
TCHAR intStr[intStrLen];
LRESULT iFontSize = 0; LRESULT iFontSize = 0;
if (style._fontSize != STYLE_NOT_USED) if (style._fontSize != STYLE_NOT_USED && style._fontSize < 100) // style._fontSize has only 2 digits
{ {
wsprintf(intStr, TEXT("%d"), style._fontSize); wsprintf(intStr, TEXT("%d"), style._fontSize);
iFontSize = ::SendMessage(_hFontSizeCombo, CB_FINDSTRING, 1, reinterpret_cast<LPARAM>(intStr)); iFontSize = ::SendMessage(_hFontSizeCombo, CB_FINDSTRING, 1, reinterpret_cast<LPARAM>(intStr));

18
PowerEditor/src/WinControls/Preference/preferenceDlg.cpp
View File

@ -539,12 +539,14 @@ INT_PTR CALLBACK BarsDlg::run_dlgProc(UINT message, WPARAM wParam, LPARAM)
{ {
LocalizationSwitcher & localizationSwitcher = pNppParam->getLocalizationSwitcher(); LocalizationSwitcher & localizationSwitcher = pNppParam->getLocalizationSwitcher();
auto index = ::SendDlgItemMessage(_hSelf, IDC_COMBO_LOCALIZATION, CB_GETCURSEL, 0, 0); auto index = ::SendDlgItemMessage(_hSelf, IDC_COMBO_LOCALIZATION, CB_GETCURSEL, 0, 0);
auto cbTextLen = ::SendMessage(_hSelf, CB_GETLBTEXTLEN, index, 0); TCHAR langName[MAX_PATH];
TCHAR * langName = new TCHAR[cbTextLen + 1]; auto cbTextLen = ::SendDlgItemMessage(_hSelf, IDC_COMBO_LOCALIZATION, CB_GETLBTEXTLEN, index, 0);
if (cbTextLen > MAX_PATH - 1)
return TRUE;
::SendDlgItemMessage(_hSelf, IDC_COMBO_LOCALIZATION, CB_GETLBTEXT, index, reinterpret_cast<LPARAM>(langName)); ::SendDlgItemMessage(_hSelf, IDC_COMBO_LOCALIZATION, CB_GETLBTEXT, index, reinterpret_cast<LPARAM>(langName));
if (langName[0]) if (langName[0])
{ {
// Make English as basic language // Make English as basic language
if (localizationSwitcher.switchToLang(TEXT("English"))) if (localizationSwitcher.switchToLang(TEXT("English")))
{ {
@ -557,8 +559,6 @@ INT_PTR CALLBACK BarsDlg::run_dlgProc(UINT message, WPARAM wParam, LPARAM)
::InvalidateRect(_hParent, NULL, TRUE); ::InvalidateRect(_hParent, NULL, TRUE);
} }
} }
delete[] langName;
} }
return TRUE; return TRUE;
default: default:
@ -2321,7 +2321,13 @@ INT_PTR CALLBACK PrintSettingsDlg::run_dlgProc(UINT message, WPARAM wParam, LPAR
case IDC_COMBO_HFONTSIZE : case IDC_COMBO_HFONTSIZE :
case IDC_COMBO_FFONTSIZE : case IDC_COMBO_FFONTSIZE :
{ {
TCHAR intStr[32]; const size_t intStrLen = 3;
TCHAR intStr[intStrLen];
auto lbTextLen = ::SendDlgItemMessage(_hSelf, LOWORD(wParam), CB_GETLBTEXTLEN, iSel, 0);
if (lbTextLen >= intStrLen)
return TRUE;
::SendDlgItemMessage(_hSelf, LOWORD(wParam), CB_GETLBTEXT, iSel, reinterpret_cast<LPARAM>(intStr)); ::SendDlgItemMessage(_hSelf, LOWORD(wParam), CB_GETLBTEXT, iSel, reinterpret_cast<LPARAM>(intStr));
int *pVal = (LOWORD(wParam) == IDC_COMBO_HFONTSIZE)?&(nppGUI._printSettings._headerFontSize):&(nppGUI._printSettings._footerFontSize); int *pVal = (LOWORD(wParam) == IDC_COMBO_HFONTSIZE)?&(nppGUI._printSettings._headerFontSize):&(nppGUI._printSettings._footerFontSize);