From: Alex Henrie <alexhenrie24@gmail.com>
Subject: comdlg32: Correctly handle filters with invalid extensions in Save As dialogs
Message-Id: <20120124143443.68dc00fb73844d343054ecc3@gmail.com>
Date: Tue, 24 Jan 2012 14:34:43 -0700

Fixes bug 29699.
---
 dlls/comdlg32/filedlg.c       |   25 ++++++++++++++-----------
 dlls/comdlg32/tests/filedlg.c |    1 +
 2 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/dlls/comdlg32/filedlg.c b/dlls/comdlg32/filedlg.c
index c31641b..0fd9644 100644
--- a/dlls/comdlg32/filedlg.c
+++ b/dlls/comdlg32/filedlg.c
@@ -2549,24 +2549,27 @@ BOOL FILEDLG95_OnOpen(HWND hwnd)
 
             if (lpstrFilter != (LPWSTR)CB_ERR)  /* control is not empty */
             {
-                WCHAR* filterAtSemicolon;
-                filterExt = HeapAlloc(GetProcessHeap(), 0, lstrlenW(lpstrFilter) * sizeof(WCHAR) + sizeof(WCHAR));
+                WCHAR* filterSearchIndex;
+                filterExt = HeapAlloc(GetProcessHeap(), 0, (lstrlenW(lpstrFilter) + 1) * sizeof(WCHAR));
                 strcpyW(filterExt, lpstrFilter);
 
                 /* if a semicolon-separated list of file extensions was given, do not include the
                    semicolon or anything after it in the extension.
                    example: if filterExt was "*.abc;*.def", it will become "*.abc" */
-                filterAtSemicolon = strchrW(filterExt, ';');
-                if (filterAtSemicolon)
+                filterSearchIndex = strchrW(filterExt, ';');
+                if (filterSearchIndex)
                 {
-                    filterAtSemicolon[0] = '\0';
+                    filterSearchIndex[0] = '\0';
                 }
 
                 /* strip the * or anything else from the extension, "*.abc" becomes "abc" */
-                strcpyW(filterExt, PathFindExtensionW(filterExt) + 1);
-
-                /* if the extension contains a glob, ignore it */
-                if (strchrW(filterExt, '*') || strchrW(filterExt, '?'))
+                /* if the extension is invalid or contains a glob, ignore it */
+                filterSearchIndex = PathFindExtensionW(filterExt);
+                if (*filterSearchIndex++ && !strchrW(filterSearchIndex, '*') && !strchrW(filterSearchIndex, '?'))
+                {
+                    strcpyW(filterExt, filterSearchIndex);
+                }
+                else
                 {
                     HeapFree(GetProcessHeap(), 0, filterExt);
                     filterExt = NULL;
@@ -2576,7 +2579,7 @@ BOOL FILEDLG95_OnOpen(HWND hwnd)
             if (!filterExt)
             {
                 /* use the default file extension */
-                filterExt = HeapAlloc(GetProcessHeap(), 0, lstrlenW(fodInfos->defext) * sizeof(WCHAR) + sizeof(WCHAR));
+                filterExt = HeapAlloc(GetProcessHeap(), 0, (lstrlenW(fodInfos->defext) + 1) * sizeof(WCHAR));
                 strcpyW(filterExt, fodInfos->defext);
             }
 
@@ -2585,7 +2588,7 @@ BOOL FILEDLG95_OnOpen(HWND hwnd)
                 /* Attach the dot*/
                 lstrcatW(lpstrPathAndFile, szwDot);
                 /* Attach the extension */
-                lstrcatW(lpstrPathAndFile, filterExt );
+                lstrcatW(lpstrPathAndFile, filterExt);
             }
 
             HeapFree(GetProcessHeap(), 0, filterExt);
diff --git a/dlls/comdlg32/tests/filedlg.c b/dlls/comdlg32/tests/filedlg.c
index 0d1112f..b1c1e76 100644
--- a/dlls/comdlg32/tests/filedlg.c
+++ b/dlls/comdlg32/tests/filedlg.c
@@ -1086,6 +1086,7 @@ static void test_extension(void)
         "TestFilter (*.pt*;*.abc)\0*.pt*;*.abc\0",
         "TestFilter (*.ab?)\0*.ab?\0",
         "TestFilter (*.*)\0*.*\0",
+        "TestFilter (*sav)\0*sav\0",
         NULL    /* is a test, not an endmark! */
     };
 
-- 
1.7.5.4