From 5b1f530204465350a1c7f5ad01eaa94414c3c62f Mon Sep 17 00:00:00 2001
From: Don HO <don.h@free.fr>
Date: Thu, 17 Jan 2019 13:56:41 +0100
Subject: [PATCH] [EU-FOSSA] Fix crash issue due to heap overflow in
 clipboardHistoryPanel.cpp

When the amount of clipboard data is too important, it makes crash of function WideCharToMultiByte (win32 API).
The remedy is to capture this error to prevent Notepad++ from crash.
---
 .../clipboardHistoryPanel.cpp                 | 24 ++++++++++++-------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/PowerEditor/src/WinControls/ClipboardHistory/clipboardHistoryPanel.cpp b/PowerEditor/src/WinControls/ClipboardHistory/clipboardHistoryPanel.cpp
index fa580f7a..5fd52712 100644
--- a/PowerEditor/src/WinControls/ClipboardHistory/clipboardHistoryPanel.cpp
+++ b/PowerEditor/src/WinControls/ClipboardHistory/clipboardHistoryPanel.cpp
@@ -248,16 +248,24 @@ INT_PTR CALLBACK ClipboardHistoryPanel::run_dlgProc(UINT message, WPARAM wParam,
 								codepage = SC_CP_UTF8;
 
 							ByteArray ba(_clipboardDataVector[i]);
+							char* c = nullptr;
+							try {
+								int nbChar = WideCharToMultiByte(codepage, 0, (wchar_t *)ba.getPointer(), static_cast<int32_t>(ba.getLength()), NULL, 0, NULL, NULL);
 
-							int nbChar = WideCharToMultiByte(codepage, 0, (wchar_t *)ba.getPointer(), static_cast<int32_t>(ba.getLength()), NULL, 0, NULL, NULL);
+								c = new char[nbChar + 1];
+								WideCharToMultiByte(codepage, 0, (wchar_t *)ba.getPointer(), static_cast<int32_t>(ba.getLength()), c, nbChar + 1, NULL, NULL);
 
-							char *c = new char[nbChar+1];
-							WideCharToMultiByte(codepage, 0, (wchar_t *)ba.getPointer(), static_cast<int32_t>(ba.getLength()), c, nbChar + 1, NULL, NULL);
-
-							(*_ppEditView)->execute(SCI_REPLACESEL, 0, reinterpret_cast<LPARAM>(""));
-							(*_ppEditView)->execute(SCI_ADDTEXT, strlen(c), reinterpret_cast<LPARAM>(c));
-							(*_ppEditView)->getFocus();
-							delete [] c;
+								(*_ppEditView)->execute(SCI_REPLACESEL, 0, reinterpret_cast<LPARAM>(""));
+								(*_ppEditView)->execute(SCI_ADDTEXT, strlen(c), reinterpret_cast<LPARAM>(c));
+								(*_ppEditView)->getFocus();
+								delete[] c;
+							}
+							catch (...)
+							{
+								MessageBox(_hSelf,	TEXT("Cannot process this clipboard data in the history:\nThe data is too large to be treated."), TEXT("Clipboard problem"), MB_OK | MB_APPLMODAL);
+								if (c)
+									delete[] c;
+							}
 						}
 					}
 					return TRUE;