From: Bruno Jesus <00cpxxx@gmail.com>
Subject: cmd: Ensure environment variables fit in memory
Message-Id: <CALF_nUTHBvNGfCwao4fV4mh6eCKZfEoeqrLCtZDmQ-+LeGSp1w@mail.gmail.com>
Date: Tue, 6 Jan 2015 14:55:01 -0200

Fixes bug https://bugs.winehq.org/show_bug.cgi?id=37848

diff --git a/programs/cmd/batch.c b/programs/cmd/batch.c
index 294a153..1a78b55 100644
--- a/programs/cmd/batch.c
+++ b/programs/cmd/batch.c
@@ -496,15 +496,23 @@ void WCMD_HandleTildaModifiers(WCHAR **start, BOOL atExecute)
     WCHAR *begin = strchrW(firstModifier, '$') + 1;
     WCHAR *end   = strchrW(firstModifier, ':');
     WCHAR env[MAX_PATH];
-    WCHAR fullpath[MAX_PATH];
+    DWORD size;
 
     /* Extract the env var */
     memcpy(env, begin, (end-begin) * sizeof(WCHAR));
     env[(end-begin)] = 0x00;
 
-    /* If env var not found, return empty string */
-    if ((GetEnvironmentVariableW(env, fullpath, MAX_PATH) == 0) ||
-        (SearchPathW(fullpath, outputparam, NULL, MAX_PATH, outputparam, NULL) == 0)) {
+    size = GetEnvironmentVariableW(env, NULL, 0);
+    if (size > 0) {
+      WCHAR *fullpath = heap_alloc(size * sizeof(WCHAR));
+      if (!fullpath || (GetEnvironmentVariableW(env, fullpath, size) == 0) ||
+          (SearchPathW(fullpath, outputparam, NULL, MAX_PATH, outputparam, NULL) == 0))
+          size = 0;
+      heap_free(fullpath);
+    }
+
+    if (!size) {
+      /* If env var not found, return empty string */
       finaloutput[0] = 0x00;
       outputparam[0] = 0x00;
       skipFileParsing = TRUE;