From: "Stefan Dösinger" Subject: [PATCH v2 1/1] winecfg: Support color profiles larger than MAX_PATH chars. Message-Id: Date: Tue, 28 Jun 2022 12:37:46 +0000 In-Reply-To: References: From: Stefan Dösinger Signed-off-by: Stefan Dösinger --- GetPrivateProfileStringW looks rather awkward to me, and we are dealing with external input here, so if there is a better way to handle this please let me know. A theme description I copypasted out of the registry has 384 characters, so a larger array than MAX_PATH is needed to import it correctly. A maliciously crafted ini file could have any size. --- programs/winecfg/theme.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/programs/winecfg/theme.c b/programs/winecfg/theme.c index 9c8737caf64..78bbf71dbfa 100644 --- a/programs/winecfg/theme.c +++ b/programs/winecfg/theme.c @@ -22,6 +22,7 @@ * */ +#include #include #include #include @@ -554,15 +555,25 @@ static void set_color_from_theme(const WCHAR *keyName, COLORREF color) static void do_parse_theme(WCHAR *file) { - WCHAR keyName[MAX_PATH], keyNameValue[MAX_PATH]; + WCHAR *keyName, keyNameValue[MAX_PATH]; + DWORD len, allocLen = 512; WCHAR *keyNamePtr = NULL; int red = 0, green = 0, blue = 0; COLORREF color; WINE_TRACE("%s\n", wine_dbgstr_w(file)); + keyName = malloc(sizeof(*keyName) * allocLen); + for (;;) + { + assert(keyName); + len = GetPrivateProfileStringW(L"Control Panel\\Colors", NULL, NULL, keyName, + allocLen, file); + if (len < allocLen - 2) + break; - GetPrivateProfileStringW(L"Control Panel\\Colors", NULL, NULL, keyName, - MAX_PATH, file); + allocLen *= 2; + keyName = realloc(keyName, sizeof(*keyName) * allocLen); + } keyNamePtr = keyName; while (*keyNamePtr!=0) { @@ -580,6 +591,7 @@ static void do_parse_theme(WCHAR *file) keyNamePtr+=lstrlenW(keyNamePtr); keyNamePtr++; } + free(keyName); } static void on_theme_install(HWND dialog) -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/331