[BUG_FiXED] (Author: Andreas Jonsson) Fix a buffer overflow bug.

git-svn-id: svn://svn.tuxfamily.org/svnroot/notepadplus/repository/trunk@941 f5eea248-9336-0410-98b8-ebc06183d4e3
12 years ago · 7ff4558165
parent 2873d37901
commit 7ff4558165
7 changed files with 22 additions and 16 deletions
--- a/PowerEditor/src/Notepad_plus.cpp
+++ b/PowerEditor/src/Notepad_plus.cpp
@ -1756,7 +1756,7 @@ generic_string Notepad_plus::getMarkedLine(int ln)
 	int lineBegin = _pEditView->execute(SCI_POSITIONFROMLINE, ln);
 	TCHAR * buf = new TCHAR[lineLen+1];
-	_pEditView->getGenericText(buf, lineBegin, lineBegin + lineLen);
+	_pEditView->getGenericText(buf, lineLen + 1, lineBegin, lineBegin + lineLen);
 	generic_string line = buf;
 	delete [] buf;
@ -3235,7 +3235,7 @@ bool Notepad_plus::doBlockComment(comment_mode currCommentMode)
                continue;
        lineIndent = _pEditView->execute(SCI_GETLINEINDENTPOSITION, i);
-		_pEditView->getGenericText(linebuf, lineIndent, lineEnd);
+		_pEditView->getGenericText(linebuf, linebufferSize, lineIndent, lineEnd);
        generic_string linebufStr = linebuf;
--- a/PowerEditor/src/NppNotification.cpp
+++ b/PowerEditor/src/NppNotification.cpp
@ -603,8 +603,13 @@ BOOL Notepad_plus::notify(SCNotification *notification)
 			endPos = int(notifyView->execute(SCI_GETTARGETEND));
 		}
-		TCHAR currentWord[MAX_PATH*2];
+		// Prevent buffer overflow in getGenericText().
-		notifyView->getGenericText(currentWord, startPos, endPos);
+		if(endPos - startPos > 2*MAX_PATH)
 			endPos = startPos + 2*MAX_PATH;
 		TCHAR currentWord[2*MAX_PATH];
 		notifyView->getGenericText(currentWord, MAX_PATH*2, startPos, endPos);
 		::ShellExecute(_pPublicInterface->getHSelf(), TEXT("open"), currentWord, NULL, NULL, SW_SHOW);
 		_isHotspotDblClicked = true;
--- a/PowerEditor/src/ScitillaComponent/AutoCompletion.cpp
+++ b/PowerEditor/src/ScitillaComponent/AutoCompletion.cpp
@ -91,7 +91,7 @@ bool AutoCompletion::showWordComplete(bool autoInsert)
 	TCHAR beginChars[bufSize];
-	_pEditView->getGenericText(beginChars, startPos, curPos);
+	_pEditView->getGenericText(beginChars, bufSize, startPos, curPos);
 	generic_string expr(TEXT("\\<"));
 	expr += beginChars;
@ -115,7 +115,7 @@ bool AutoCompletion::showWordComplete(bool autoInsert)
 		if (foundTextLen < bufSize)
 		{
 			TCHAR w[bufSize];
-			_pEditView->getGenericText(w, wordStart, wordEnd);
+			_pEditView->getGenericText(w, bufSize, wordStart, wordEnd);
 			if (lstrcmp(w, beginChars) != 0)
 				if (!isInList(w, wordArray))
--- a/PowerEditor/src/ScitillaComponent/FindReplaceDlg.cpp
+++ b/PowerEditor/src/ScitillaComponent/FindReplaceDlg.cpp
@ -1580,7 +1580,7 @@ int FindReplaceDlg::processRange(ProcessOperation op, const TCHAR *txt2find, con
 				int start_mark = targetStart - lstart;
 				int end_mark = targetEnd - lstart;
-				(*_ppEditView)->getGenericText(lineBuf, lstart, lend, &start_mark, &end_mark);
+				(*_ppEditView)->getGenericText(lineBuf, 1024, lstart, lend, &start_mark, &end_mark);
 				generic_string line;
 #ifdef UNICODE
 				line = lineBuf;
--- a/PowerEditor/src/ScitillaComponent/ScintillaEditView.cpp
+++ b/PowerEditor/src/ScitillaComponent/ScintillaEditView.cpp
@ -29,6 +29,7 @@
 #include "precompiledHeaders.h"
 #include "ScintillaEditView.h"
 #include "Parameters.h"
 #include "TCHAR.h"
 // initialize the static variable
@ -1680,7 +1681,7 @@ void ScintillaEditView::getText(char *dest, int start, int end) const
 	execute(SCI_GETTEXTRANGE, 0, reinterpret_cast<LPARAM>(&tr));
 }
-void ScintillaEditView::getGenericText(TCHAR *dest, int start, int end) const
+void ScintillaEditView::getGenericText(TCHAR *dest, size_t destlen, int start, int end) const
 {
 #ifdef UNICODE
 	WcharMbcsConvertor *wmc = WcharMbcsConvertor::getInstance();
@ -1688,7 +1689,7 @@ void ScintillaEditView::getGenericText(TCHAR *dest, int start, int end) const
 	getText(destA, start, end);
 	unsigned int cp = execute(SCI_GETCODEPAGE); 
 	const TCHAR *destW = wmc->char2wchar(destA, cp);
-	lstrcpy(dest, destW);
+	_tcsncpy_s(dest, destlen, destW, _TRUNCATE);
 	delete [] destA;
 #else
 	getText(dest, start, end);
@ -1699,14 +1700,14 @@ void ScintillaEditView::getGenericText(TCHAR *dest, int start, int end) const
 // which are converted to the corresponding indexes in the returned TCHAR string.
 #ifdef UNICODE
-void ScintillaEditView::getGenericText(TCHAR *dest, int start, int end, int *mstart, int *mend) const
+void ScintillaEditView::getGenericText(TCHAR *dest, size_t destlen, int start, int end, int *mstart, int *mend) const
 {
 	WcharMbcsConvertor *wmc = WcharMbcsConvertor::getInstance();
 	char *destA = new char[end - start + 1];
 	getText(destA, start, end);
 	unsigned int cp = execute(SCI_GETCODEPAGE); 
 	const TCHAR *destW = wmc->char2wchar(destA, cp, mstart, mend);
-	lstrcpy(dest, destW);
+	_tcsncpy_s(dest, destlen, destW, _TRUNCATE);
 	delete [] destA;
 }
 #else
--- a/PowerEditor/src/ScitillaComponent/ScintillaEditView.h
+++ b/PowerEditor/src/ScitillaComponent/ScintillaEditView.h
@ -246,8 +246,8 @@ public:
 	void syncFoldStateWith(const std::vector<HeaderLineState> & lineStateVectorNew);
 	void getText(char *dest, int start, int end) const;
-	void getGenericText(TCHAR *dest, int start, int end) const;
+	void getGenericText(TCHAR *dest, size_t destlen, int start, int end) const;
-	void getGenericText(TCHAR *dest, int start, int end, int *mstart, int *mend) const;
+	void getGenericText(TCHAR *dest, size_t deslen, int start, int end, int *mstart, int *mend) const;
 	void insertGenericTextFrom(int position, const TCHAR *text2insert) const;
 	void replaceSelWith(const char * replaceText);
@ -295,7 +295,7 @@ public:
 		str[0] = '\0';
 		if ((caretPos - startPos) < strLen)
-			getGenericText(str, startPos, caretPos);
+			getGenericText(str, strLen, startPos, caretPos);
 	};
    void doUserDefineDlg(bool willBeShown = true, bool isRTL = false) {
--- a/PowerEditor/src/ScitillaComponent/columnEditor.cpp
+++ b/PowerEditor/src/ScitillaComponent/columnEditor.cpp
@ -112,7 +112,7 @@ BOOL CALLBACK ColumnEditorDlg::run_dlgProc(UINT message, WPARAM wParam, LPARAM)
 									delete [] line;
 									line = new TCHAR[lineLen];
 								}
-								(*_ppEditView)->getGenericText(line, lineBegin, lineEnd);
+								(*_ppEditView)->getGenericText(line, lineLen, lineBegin, lineEnd);
 								generic_string s2r(line);
 								if (lineEndCol < cursorCol)
@ -190,7 +190,7 @@ BOOL CALLBACK ColumnEditorDlg::run_dlgProc(UINT message, WPARAM wParam, LPARAM)
 									delete [] line;
 									line = new TCHAR[lineLen];
 								}
-								(*_ppEditView)->getGenericText(line, lineBegin, lineEnd);
+								(*_ppEditView)->getGenericText(line, lineLen, lineBegin, lineEnd);
 								generic_string s2r(line);
 								//