KotJohansson/UXP
1
0
Fork 0
mirror of https://github.com/roytam1/UXP.git synced 2026-05-26 14:54:25 +00:00
Code Issues Projects Releases Wiki Activity

Perform a size check when dealing with clipboard data to be sure.

Browse Source 
Follow-up to 0b6d9a47051be9ef4d064c6f7c60717da91d0bc2
This commit is contained in:
wolfbeast
2019-05-29 11:05:41 +02:00
committed by Roy Tam
parent 3a613f462d
commit 5944b47f79
1 changed files with 10 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
widget/windows/nsClipboard.cpp
+10 -6
View File
@@ -291,16 +291,20 @@ nsresult nsClipboard::GetGlobalData(HGLOBAL aHGBL, void ** aData, uint32_t * aLe
nsresult result = NS_ERROR_FAILURE;
if (aHGBL != nullptr) {
LPSTR lpStr = (LPSTR) GlobalLock(aHGBL);
DWORD allocSize = GlobalSize(aHGBL);
char* data = static_cast<char*>(malloc(allocSize + 3));
CheckedInt<uint32_t> allocSize = CheckedInt<uint32_t>(GlobalSize(aHGBL)) + 3;
if (!allocSize.isValid()) {
return NS_ERROR_INVALID_ARG;
}
char* data = static_cast<char*>(malloc(allocSize.value()));
if ( data ) {
memcpy ( data, lpStr, allocSize );
data[allocSize] = data[allocSize + 1] = data[allocSize + 2] =
'\0'; // null terminate for safety
uint32_t size = allocSize.value() - 3;
memcpy(data, lpStr, size);
// null terminate for safety
data[size] = data[size + 1] = data[size + 2] = '\0';
GlobalUnlock(aHGBL);
*aData = data;
*aLen = allocSize;
*aLen = size;
result = NS_OK;
}