[EU-FOSSA] Fix stack buffer overflow on CB_GETLBTEXT

Don HO 2019-02-08 12:38:34 +01:00
parent dfb9b5e330
commit cdd13ecadc
4 changed files with 19 additions and 7 deletions


@ -401,7 +401,6 @@ void FindReplaceDlg::saveFindHistory()
int FindReplaceDlg::saveComboHistory(int id, int maxcount, vector<generic_string> & strings, bool saveEmpty) int FindReplaceDlg::saveComboHistory(int id, int maxcount, vector<generic_string> & strings, bool saveEmpty)
{ {
TCHAR text[FINDREPLACE_MAXLENGTH];
HWND hCombo = ::GetDlgItem(_hSelf, id); HWND hCombo = ::GetDlgItem(_hSelf, id);
int count = static_cast<int32_t>(::SendMessage(hCombo, CB_GETCOUNT, 0, 0)); int count = static_cast<int32_t>(::SendMessage(hCombo, CB_GETCOUNT, 0, 0));
count = min(count, maxcount); count = min(count, maxcount);
@ -421,8 +420,12 @@ int FindReplaceDlg::saveComboHistory(int id, int maxcount, vector<generic_string
for (int i = 0 ; i < count ; ++i) for (int i = 0 ; i < count ; ++i)
{ {
auto cbTextLen = ::SendMessage(hCombo, CB_GETLBTEXTLEN, i, 0);
TCHAR * text = new TCHAR[cbTextLen + 1];
::SendMessage(hCombo, CB_GETLBTEXT, i, reinterpret_cast<LPARAM>(text)); ::SendMessage(hCombo, CB_GETLBTEXT, i, reinterpret_cast<LPARAM>(text));
strings.push_back(generic_string(text)); strings.push_back(generic_string(text));
delete[] text;
} }
return count; return count;
} }
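Review bot: `text` is owned by a raw `new[]`/`delete[]` pair with `strings.push_back(generic_string(text))` in between, so an allocation failure in the string or the vector leaks the buffer, and the buffer holds indeterminate data if CB_GETLBTEXT fails. Declaring it as `std::vector<TCHAR> text(cbTextLen + 1);` and passing `reinterpret_cast<LPARAM>(text.data())` removes the `delete[]` and zero-fills the storage. CB_GETLBTEXTLEN can also return CB_ERR, which makes `cbTextLen + 1` zero; `if (cbTextLen == CB_ERR) continue;` ahead of the allocation keeps `generic_string(text)` from reading an empty buffer. Part of saveComboHistory lies between the two hunks and is not shown.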


@ -1139,7 +1139,8 @@ INT_PTR CALLBACK UserDefineDialog::run_dlgProc(UINT message, WPARAM wParam, LPAR
if (result == IDYES) if (result == IDYES)
{ {
auto i = ::SendDlgItemMessage(_hSelf, IDC_LANGNAME_COMBO, CB_GETCURSEL, 0, 0); auto i = ::SendDlgItemMessage(_hSelf, IDC_LANGNAME_COMBO, CB_GETCURSEL, 0, 0);
TCHAR langName[256]; auto cbTextLen = ::SendMessage(_hSelf, CB_GETLBTEXTLEN, i, 0);
TCHAR * langName = new TCHAR[cbTextLen + 1];
::SendDlgItemMessage(_hSelf, IDC_LANGNAME_COMBO, CB_GETLBTEXT, i, reinterpret_cast<LPARAM>(langName)); ::SendDlgItemMessage(_hSelf, IDC_LANGNAME_COMBO, CB_GETLBTEXT, i, reinterpret_cast<LPARAM>(langName));
//remove current language from combobox //remove current language from combobox
@ -1157,13 +1158,16 @@ INT_PTR CALLBACK UserDefineDialog::run_dlgProc(UINT message, WPARAM wParam, LPAR
::RemoveMenu(subMenu, static_cast<UINT>(IDM_LANG_USER + i), MF_BYCOMMAND); ::RemoveMenu(subMenu, static_cast<UINT>(IDM_LANG_USER + i), MF_BYCOMMAND);
::DrawMenuBar(hNpp); ::DrawMenuBar(hNpp);
::SendMessage(_hParent, WM_REMOVE_USERLANG, 0, reinterpret_cast<LPARAM>(langName)); ::SendMessage(_hParent, WM_REMOVE_USERLANG, 0, reinterpret_cast<LPARAM>(langName));
delete[] langName;
} }
return TRUE; return TRUE;
} }
case IDC_RENAME_BUTTON : case IDC_RENAME_BUTTON :
{ {
TCHAR langName[256];
auto i = ::SendDlgItemMessage(_hSelf, IDC_LANGNAME_COMBO, CB_GETCURSEL, 0, 0); auto i = ::SendDlgItemMessage(_hSelf, IDC_LANGNAME_COMBO, CB_GETCURSEL, 0, 0);
auto cbTextLen = ::SendDlgItemMessage(_hSelf, IDC_LANGNAME_COMBO, CB_GETLBTEXTLEN, i, 0);
TCHAR * langName = new TCHAR[cbTextLen + 1];
::SendDlgItemMessage(_hSelf, IDC_LANGNAME_COMBO, CB_GETLBTEXT, i, reinterpret_cast<LPARAM>(langName)); ::SendDlgItemMessage(_hSelf, IDC_LANGNAME_COMBO, CB_GETLBTEXT, i, reinterpret_cast<LPARAM>(langName));
StringDlg strDlg; StringDlg strDlg;
@ -1199,6 +1203,8 @@ INT_PTR CALLBACK UserDefineDialog::run_dlgProc(UINT message, WPARAM wParam, LPAR
::ModifyMenu(hSubM, static_cast<UINT>(IDM_LANG_USER + i), MF_BYCOMMAND, IDM_LANG_USER + i, newName); ::ModifyMenu(hSubM, static_cast<UINT>(IDM_LANG_USER + i), MF_BYCOMMAND, IDM_LANG_USER + i, newName);
::DrawMenuBar(hNpp); ::DrawMenuBar(hNpp);
::SendMessage(_hParent, WM_RENAME_USERLANG, reinterpret_cast<WPARAM>(newName), reinterpret_cast<LPARAM>(langName)); ::SendMessage(_hParent, WM_RENAME_USERLANG, reinterpret_cast<WPARAM>(newName), reinterpret_cast<LPARAM>(langName));
delete[] langName;
} }
return TRUE; return TRUE;
@ -1583,7 +1589,7 @@ INT_PTR CALLBACK StylerDlg::dlgProc(HWND hwnd, UINT message, WPARAM wParam, LPAR
auto i = ::SendDlgItemMessage(hwnd, LOWORD(wParam), CB_GETCURSEL, 0, 0); auto i = ::SendDlgItemMessage(hwnd, LOWORD(wParam), CB_GETCURSEL, 0, 0);
if (LOWORD(wParam) == IDC_STYLER_COMBO_FONT_SIZE) if (LOWORD(wParam) == IDC_STYLER_COMBO_FONT_SIZE)
{ {
TCHAR intStr[5]; TCHAR intStr[32];
if (i != 0) if (i != 0)
{ {
::SendDlgItemMessage(hwnd, LOWORD(wParam), CB_GETLBTEXT, i, reinterpret_cast<LPARAM>(intStr)); ::SendDlgItemMessage(hwnd, LOWORD(wParam), CB_GETLBTEXT, i, reinterpret_cast<LPARAM>(intStr));
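Review bot: The length query on the remove-language path is sent to the dialog rather than to the combo box: `::SendMessage(_hSelf, CB_GETLBTEXTLEN, i, 0)` targets `_hSelf`, while the CB_GETLBTEXT that follows goes through `SendDlgItemMessage(_hSelf, IDC_LANGNAME_COMBO, ...)`. A dialog window is not expected to answer CB_GETLBTEXTLEN, so the returned value is presumably unrelated to the item's length and the `new TCHAR[cbTextLen + 1]` buffer can be shorter than the text copied into it, which moves the overflow from the stack to the heap instead of removing it. The line should read `auto cbTextLen = ::SendDlgItemMessage(_hSelf, IDC_LANGNAME_COMBO, CB_GETLBTEXTLEN, i, 0);`, as the IDC_RENAME_BUTTON branch already does. The BarsDlg::run_dlgProc hunk makes the same call against `_hSelf` for IDC_COMBO_LOCALIZATION and needs the same correction. run_dlgProc continues outside these hunks.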


@ -538,7 +538,7 @@ void WordStyleDlg::updateFontSize()
Style & style = getCurrentStyler(); Style & style = getCurrentStyler();
auto iFontSizeSel = ::SendMessage(_hFontSizeCombo, CB_GETCURSEL, 0, 0); auto iFontSizeSel = ::SendMessage(_hFontSizeCombo, CB_GETCURSEL, 0, 0);
TCHAR intStr[5]; TCHAR intStr[32];
if (iFontSizeSel != 0) if (iFontSizeSel != 0)
{ {
::SendMessage(_hFontSizeCombo, CB_GETLBTEXT, iFontSizeSel, reinterpret_cast<LPARAM>(intStr)); ::SendMessage(_hFontSizeCombo, CB_GETLBTEXT, iFontSizeSel, reinterpret_cast<LPARAM>(intStr));
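Review bot: The enlarged `intStr[32]` is still a fixed buffer that CB_GETLBTEXT fills without any length check, so the fix depends on every font-size entry being shorter than 32 characters. That likely holds if the combo is only ever populated with short numeric strings, but nothing visible in the hunk enforces it; a guard such as `if (::SendMessage(_hFontSizeCombo, CB_GETLBTEXTLEN, iFontSizeSel, 0) >= _countof(intStr)) return;` before the copy would. The StylerDlg::dlgProc and PrintSettingsDlg::run_dlgProc hunks make the same 5-to-32 change with the same unchecked copy. updateFontSize's body continues outside the hunk.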


@ -532,7 +532,8 @@ INT_PTR CALLBACK BarsDlg::run_dlgProc(UINT message, WPARAM wParam, LPARAM)
{ {
LocalizationSwitcher & localizationSwitcher = pNppParam->getLocalizationSwitcher(); LocalizationSwitcher & localizationSwitcher = pNppParam->getLocalizationSwitcher();
auto index = ::SendDlgItemMessage(_hSelf, IDC_COMBO_LOCALIZATION, CB_GETCURSEL, 0, 0); auto index = ::SendDlgItemMessage(_hSelf, IDC_COMBO_LOCALIZATION, CB_GETCURSEL, 0, 0);
wchar_t langName[MAX_PATH]; auto cbTextLen = ::SendMessage(_hSelf, CB_GETLBTEXTLEN, index, 0);
TCHAR * langName = new TCHAR[cbTextLen + 1];
::SendDlgItemMessage(_hSelf, IDC_COMBO_LOCALIZATION, CB_GETLBTEXT, index, reinterpret_cast<LPARAM>(langName)); ::SendDlgItemMessage(_hSelf, IDC_COMBO_LOCALIZATION, CB_GETLBTEXT, index, reinterpret_cast<LPARAM>(langName));
if (langName[0]) if (langName[0])
{ {
@ -549,6 +550,8 @@ INT_PTR CALLBACK BarsDlg::run_dlgProc(UINT message, WPARAM wParam, LPARAM)
::InvalidateRect(_hParent, NULL, TRUE); ::InvalidateRect(_hParent, NULL, TRUE);
} }
} }
delete[] langName;
} }
return TRUE; return TRUE;
default: default:
@ -2306,7 +2309,7 @@ INT_PTR CALLBACK PrintSettingsDlg::run_dlgProc(UINT message, WPARAM wParam, LPAR
case IDC_COMBO_HFONTSIZE : case IDC_COMBO_HFONTSIZE :
case IDC_COMBO_FFONTSIZE : case IDC_COMBO_FFONTSIZE :
{ {
TCHAR intStr[5]; TCHAR intStr[32];
::SendDlgItemMessage(_hSelf, LOWORD(wParam), CB_GETLBTEXT, iSel, reinterpret_cast<LPARAM>(intStr)); ::SendDlgItemMessage(_hSelf, LOWORD(wParam), CB_GETLBTEXT, iSel, reinterpret_cast<LPARAM>(intStr));
int *pVal = (LOWORD(wParam) == IDC_COMBO_HFONTSIZE)?&(nppGUI._printSettings._headerFontSize):&(nppGUI._printSettings._footerFontSize); int *pVal = (LOWORD(wParam) == IDC_COMBO_HFONTSIZE)?&(nppGUI._printSettings._headerFontSize):&(nppGUI._printSettings._footerFontSize);
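Review bot: `langName[0]` is tested right after the copy in the IDC_COMBO_LOCALIZATION branch, but `new TCHAR[cbTextLen + 1]` leaves the buffer uninitialized, so if CB_GETLBTEXT fails (for instance because `index` is CB_ERR with nothing selected) the test reads indeterminate memory, or reads past a zero-length allocation when the length query returned CB_ERR. Returning early with `if (index == CB_ERR) return TRUE;` and value-initializing the buffer, `TCHAR * langName = new TCHAR[cbTextLen + 1]();`, would make the failure path defined. The `delete[] langName;` comes after code that lies between the hunks, so any early exit there would leak the buffer; a `std::vector<TCHAR>` would avoid that. run_dlgProc continues outside the hunks.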