From 7ff45581650af8b36c46e2d66f63d8bcd6e26eb6 Mon Sep 17 00:00:00 2001
From: Don Ho
Date: Wed, 22 Aug 2012 09:39:02 +0000
Subject: [PATCH] [BUG_FiXED] (Author: Andreas Jonsson) Fix a buffer overflow bug.
git-svn-id: svn://svn.tuxfamily.org/svnroot/notepadplus/repository/trunk@941 f5eea248-9336-0410-98b8-ebc06183d4e3
---
 PowerEditor/src/Notepad_plus.cpp | 4 ++--
 PowerEditor/src/NppNotification.cpp | 9 +++++++--
 PowerEditor/src/ScitillaComponent/AutoCompletion.cpp | 4 ++--
 PowerEditor/src/ScitillaComponent/FindReplaceDlg.cpp | 2 +-
 PowerEditor/src/ScitillaComponent/ScintillaEditView.cpp | 9 +++++----
 PowerEditor/src/ScitillaComponent/ScintillaEditView.h | 6 +++---
 PowerEditor/src/ScitillaComponent/columnEditor.cpp | 4 ++--
 7 files changed, 22 insertions(+), 16 deletions(-)
diff --git a/PowerEditor/src/Notepad_plus.cpp b/PowerEditor/src/Notepad_plus.cpp
index 6c4bcba9c..83617164d 100644
--- a/PowerEditor/src/Notepad_plus.cpp
+++ b/PowerEditor/src/Notepad_plus.cpp
@@ -1756,7 +1756,7 @@ generic_string Notepad_plus::getMarkedLine(int ln)
 int lineBegin = _pEditView->execute(SCI_POSITIONFROMLINE, ln);
 TCHAR * buf = new TCHAR[lineLen+1];
- _pEditView->getGenericText(buf, lineBegin, lineBegin + lineLen);
+ _pEditView->getGenericText(buf, lineLen + 1, lineBegin, lineBegin + lineLen);
 generic_string line = buf;
 delete [] buf;
@@ -3235,7 +3235,7 @@ bool Notepad_plus::doBlockComment(comment_mode currCommentMode)
 continue;
 lineIndent = _pEditView->execute(SCI_GETLINEINDENTPOSITION, i);
- _pEditView->getGenericText(linebuf, lineIndent, lineEnd);
+ _pEditView->getGenericText(linebuf, linebufferSize, lineIndent, lineEnd);
 generic_string linebufStr = linebuf;
diff --git a/PowerEditor/src/NppNotification.cpp b/PowerEditor/src/NppNotification.cpp
index 0003bf1dc..7f752c7a8 100644
--- a/PowerEditor/src/NppNotification.cpp
+++ b/PowerEditor/src/NppNotification.cpp
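Review bot: The new `linebufferSize` argument in doBlockComment has to be the element count of `linebuf` in TCHARs, not `sizeof(linebuf)` in bytes, because getGenericText now forwards it to `_tcsncpy_s` as a character count; both `linebuf` and `linebufferSize` are declared outside the hunk, so this needs confirming. If `linebuf` is a fixed array, `_countof(linebuf)` at the call site derives the count from the declaration and cannot drift. In the getMarkedLine hunk above, `lineLen + 1` repeats the allocation expression `lineLen+1`; a single `const int bufLen = lineLen + 1;` used for both `new TCHAR[bufLen]` and the call keeps them in sync. Both enclosing functions extend beyond their hunks.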
@@ -603,8 +603,13 @@ BOOL Notepad_plus::notify(SCNotification *notification)
 endPos = int(notifyView->execute(SCI_GETTARGETEND));
 }
- TCHAR currentWord[MAX_PATH*2];
- notifyView->getGenericText(currentWord, startPos, endPos);
+ // Prevent buffer overflow in getGenericText().
+ if(endPos - startPos > 2*MAX_PATH)
+ endPos = startPos + 2*MAX_PATH;
+
+ TCHAR currentWord[2*MAX_PATH];
+
+ notifyView->getGenericText(currentWord, MAX_PATH*2, startPos, endPos);
 ::ShellExecute(_pPublicInterface->getHSelf(), TEXT("open"), currentWord, NULL, NULL, SW_SHOW);
 _isHotspotDblClicked = true;
diff --git a/PowerEditor/src/ScitillaComponent/AutoCompletion.cpp b/PowerEditor/src/ScitillaComponent/AutoCompletion.cpp
index 7b1efbf16..516d4a810 100644
--- a/PowerEditor/src/ScitillaComponent/AutoCompletion.cpp
+++ b/PowerEditor/src/ScitillaComponent/AutoCompletion.cpp
@@ -91,7 +91,7 @@ bool AutoCompletion::showWordComplete(bool autoInsert)
 TCHAR beginChars[bufSize];
- _pEditView->getGenericText(beginChars, startPos, curPos);
+ _pEditView->getGenericText(beginChars, bufSize, startPos, curPos);
 generic_string expr(TEXT("\\<"));
 expr += beginChars;
@@ -115,7 +115,7 @@ bool AutoCompletion::showWordComplete(bool autoInsert)
 if (foundTextLen < bufSize)
 {
 TCHAR w[bufSize];
- _pEditView->getGenericText(w, wordStart, wordEnd);
+ _pEditView->getGenericText(w, bufSize, wordStart, wordEnd);
 if (lstrcmp(w, beginChars) != 0)
 if (!isInList(w, wordArray))
diff --git a/PowerEditor/src/ScitillaComponent/FindReplaceDlg.cpp b/PowerEditor/src/ScitillaComponent/FindReplaceDlg.cpp
index fbc1eac5e..f426f5b48 100644
--- a/PowerEditor/src/ScitillaComponent/FindReplaceDlg.cpp
+++ b/PowerEditor/src/ScitillaComponent/FindReplaceDlg.cpp
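Review bot: In the hotspot handler the clamp on `endPos` silently shortens the text that is then handed to `::ShellExecute`, so an over-long link is launched truncated instead of being rejected, and a truncated target is a worse outcome than launching nothing. With getGenericText now truncating on its own in the UNICODE build (`_tcsncpy_s` with `_TRUNCATE`), the clamp's remaining value appears to be the `#else` path, where `getText(dest, start, end)` still ignores `destlen`. Refusing the launch when the range does not fit, e.g. `if (endPos - startPos >= 2*MAX_PATH) break;` or whatever exit this case of `notify` uses (the surrounding control flow lies outside the hunk), would be the safer behaviour. The buffer size is also spelled three times in two forms (`2*MAX_PATH`, `MAX_PATH*2`); a single `const size_t wordBufLen = 2*MAX_PATH;` used for the check, the array and the call, or `_countof(currentWord)` in the call, keeps them from drifting apart.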
@@ -1580,7 +1580,7 @@ int FindReplaceDlg::processRange(ProcessOperation op, const TCHAR *txt2find, con
 int start_mark = targetStart - lstart;
 int end_mark = targetEnd - lstart;
- (*_ppEditView)->getGenericText(lineBuf, lstart, lend, &start_mark, &end_mark);
+ (*_ppEditView)->getGenericText(lineBuf, 1024, lstart, lend, &start_mark, &end_mark);
 generic_string line;
 #ifdef UNICODE
 line = lineBuf;
diff --git a/PowerEditor/src/ScitillaComponent/ScintillaEditView.cpp b/PowerEditor/src/ScitillaComponent/ScintillaEditView.cpp
index 5022e476e..e76215b69 100644
--- a/PowerEditor/src/ScitillaComponent/ScintillaEditView.cpp
+++ b/PowerEditor/src/ScitillaComponent/ScintillaEditView.cpp
@@ -29,6 +29,7 @@
 #include "precompiledHeaders.h"
 #include "ScintillaEditView.h"
 #include "Parameters.h"
+#include "TCHAR.h"
 // initialize the static variable
@@ -1680,7 +1681,7 @@ void ScintillaEditView::getText(char *dest, int start, int end) const
 execute(SCI_GETTEXTRANGE, 0, reinterpret_cast(&tr));
 }
-void ScintillaEditView::getGenericText(TCHAR *dest, int start, int end) const
+void ScintillaEditView::getGenericText(TCHAR *dest, size_t destlen, int start, int end) const
 {
 #ifdef UNICODE
 WcharMbcsConvertor *wmc = WcharMbcsConvertor::getInstance();
@@ -1688,7 +1689,7 @@ void ScintillaEditView::getGenericText(TCHAR *dest, int start, int end) const
 getText(destA, start, end);
 unsigned int cp = execute(SCI_GETCODEPAGE);
 const TCHAR *destW = wmc->char2wchar(destA, cp);
- lstrcpy(dest, destW);
+ _tcsncpy_s(dest, destlen, destW, _TRUNCATE);
 delete [] destA;
 #else
 getText(dest, start, end);
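Review bot: The literal `1024` passed as the capacity in processRange duplicates the declared size of `lineBuf`, which lives outside the hunk; if that declaration changes, the length argument goes wrong silently. If `lineBuf` is a local array, `_countof(lineBuf)` (or `sizeof(lineBuf)/sizeof(lineBuf[0])`) derives the count from the declaration: `(*_ppEditView)->getGenericText(lineBuf, _countof(lineBuf), lstart, lend, &start_mark, &end_mark);`. Note also that `start_mark`/`end_mark` come back from the callee as indexes into the copied text, and once the callee truncates to the buffer they may lie past the copied length, so the marking code that follows should bounds-check them against the actual string length. processRange continues outside the hunk.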
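Review bot: The non-UNICODE branch of getGenericText at the end of this hunk still calls `getText(dest, start, end)` and ignores `destlen`, so the overflow this commit fixes remains in an ANSI build; the mstart/mend overload below has the same shape. Clamping the range before the call, e.g. `if (destlen == 0) return;` followed by `if (end - start + 1 > (int)destlen) end = start + (int)destlen - 1;`, would make both paths honour the capacity — hedged, since getText's write size is only inferred from the `new char[end - start + 1]` allocation in the Unicode path. `_tcsncpy_s` is declared in `<tchar.h>`; the added `#include "TCHAR.h"` relies on a case-insensitive filesystem and quoted-include lookup, so `#include <tchar.h>` is the portable spelling. A short comment on the new parameter would help callers, e.g. `// destlen: capacity of dest in TCHARs, terminator included; longer text is truncated.`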
@@ -1699,14 +1700,14 @@ void ScintillaEditView::getGenericText(TCHAR *dest, int start, int end) const
 // which are converted to the corresponding indexes in the returned TCHAR string.
 #ifdef UNICODE
-void ScintillaEditView::getGenericText(TCHAR *dest, int start, int end, int *mstart, int *mend) const
+void ScintillaEditView::getGenericText(TCHAR *dest, size_t destlen, int start, int end, int *mstart, int *mend) const
 {
 WcharMbcsConvertor *wmc = WcharMbcsConvertor::getInstance();
 char *destA = new char[end - start + 1];
 getText(destA, start, end);
 unsigned int cp = execute(SCI_GETCODEPAGE);
 const TCHAR *destW = wmc->char2wchar(destA, cp, mstart, mend);
- lstrcpy(dest, destW);
+ _tcsncpy_s(dest, destlen, destW, _TRUNCATE);
 delete [] destA;
 }
 #else
diff --git a/PowerEditor/src/ScitillaComponent/ScintillaEditView.h b/PowerEditor/src/ScitillaComponent/ScintillaEditView.h
index a9ea90fd9..edfee4dc9 100644
--- a/PowerEditor/src/ScitillaComponent/ScintillaEditView.h
+++ b/PowerEditor/src/ScitillaComponent/ScintillaEditView.h
@@ -246,8 +246,8 @@ public:
 void syncFoldStateWith(const std::vector & lineStateVectorNew);
 void getText(char *dest, int start, int end) const;
- void getGenericText(TCHAR *dest, int start, int end) const;
- void getGenericText(TCHAR *dest, int start, int end, int *mstart, int *mend) const;
+ void getGenericText(TCHAR *dest, size_t destlen, int start, int end) const;
+ void getGenericText(TCHAR *dest, size_t deslen, int start, int end, int *mstart, int *mend) const;
 void insertGenericTextFrom(int position, const TCHAR *text2insert) const;
 void replaceSelWith(const char * replaceText);
@@ -295,7 +295,7 @@ public:
 str[0] = '\0';
 if ((caretPos - startPos) < strLen)
- getGenericText(str, startPos, caretPos);
+ getGenericText(str, strLen, startPos, caretPos);
 };
 void doUserDefineDlg(bool willBeShown = true, bool isRTL = false) {
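Review bot: In the mstart/mend overload, `*mstart`/`*mend` are produced by `char2wchar` as indexes into `destW` (per the comment at the top of the hunk), but after `_tcsncpy_s` truncates to `destlen` they are left untouched, so a caller can receive an index past the end of `dest`. Clamping both after the copy, e.g. `if (mstart && *mstart >= (int)destlen) *mstart = (int)destlen - 1;` and the same line for `mend`, keeps the out-parameters consistent with the buffer they describe. Separately, `new char[end - start + 1]` is evaluated with no check that `end >= start`; an assertion or a comment stating that precondition would help. The `#else` branch that follows lies outside the hunk.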
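Review bot: The second declaration names the new parameter `deslen` while the definition in ScintillaEditView.cpp and the first overload call it `destlen`; this compiles but misleads readers and IDE tooltips. Change the line to `void getGenericText(TCHAR *dest, size_t destlen, int start, int end, int *mstart, int *mend) const;`. A one-line comment above the pair, `// destlen is the capacity of dest in TCHARs, terminator included; the text is truncated to fit.`, would document the contract where callers actually see it.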
diff --git a/PowerEditor/src/ScitillaComponent/columnEditor.cpp b/PowerEditor/src/ScitillaComponent/columnEditor.cpp
index d68e4e84e..ef0d9e0dc 100644
--- a/PowerEditor/src/ScitillaComponent/columnEditor.cpp
+++ b/PowerEditor/src/ScitillaComponent/columnEditor.cpp
@@ -112,7 +112,7 @@ BOOL CALLBACK ColumnEditorDlg::run_dlgProc(UINT message, WPARAM wParam, LPARAM)
 delete [] line;
 line = new TCHAR[lineLen];
 }
- (*_ppEditView)->getGenericText(line, lineBegin, lineEnd);
+ (*_ppEditView)->getGenericText(line, lineLen, lineBegin, lineEnd);
 generic_string s2r(line);
 if (lineEndCol < cursorCol)
@@ -190,7 +190,7 @@ BOOL CALLBACK ColumnEditorDlg::run_dlgProc(UINT message, WPARAM wParam, LPARAM)
 delete [] line;
 line = new TCHAR[lineLen];
 }
- (*_ppEditView)->getGenericText(line, lineBegin, lineEnd);
+ (*_ppEditView)->getGenericText(line, lineLen, lineBegin, lineEnd);
 generic_string s2r(line);
 //
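Review bot: Both hunks in run_dlgProc pass `lineLen` as the capacity while `line` is allocated as `new TCHAR[lineLen]`; if `lineLen` equals `lineEnd - lineBegin` (it is computed outside the hunk), the buffer has no room for the terminator and `_tcsncpy_s` with `_TRUNCATE` will now silently drop the last character of every line where it used to overflow. Please confirm that `lineLen` already includes the `+1`; otherwise allocate `line = new TCHAR[lineLen + 1];` and pass `lineLen + 1` at both call sites. The same pattern appears in the second hunk at line 190, so one fix should cover both.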