commit cded39f4ead366d3702a322a772650c27d1db463
parent a68970f053035cfaa9ff6064d12e7801a2316193
Author: cfillion <cfillion@users.noreply.github.com>
Date: Sat, 23 Apr 2016 09:52:25 -0400
fix possible buffer overflow in most auto_snprintf calls on windows
Diffstat:
8 files changed, 36 insertions(+), 26 deletions(-)
diff --git a/src/about.cpp b/src/about.cpp
@@ -122,13 +122,13 @@ void About::onContextMenu(HWND target, const int x, const int y)
void About::populate()
{
- auto_char title[255] = {};
+ auto_char title[32] = {};
const auto_string &name = make_autostring(m_index->name());
- auto_snprintf(title, sizeof(title), AUTO_STR("About %s"), name.c_str());
+ auto_snprintf(title, auto_size(title), AUTO_STR("About %s"), name.c_str());
SetWindowText(handle(), title);
auto_char btnLabel[32] = {};
- auto_snprintf(btnLabel, sizeof(btnLabel),
+ auto_snprintf(btnLabel, auto_size(btnLabel),
AUTO_STR("Install/update %s"), name.c_str());
SetWindowText(getControl(IDC_INSTALL), btnLabel);
@@ -213,7 +213,7 @@ void About::updateInstalledFiles()
catch(const reapack_error &e) {
const auto_string &desc = make_autostring(e.what());
auto_char msg[255] = {};
- auto_snprintf(msg, sizeof(msg),
+ auto_snprintf(msg, auto_size(msg),
AUTO_STR("The file list is currently unavailable.\x20")
AUTO_STR("Retry later when all installation task are completed.\r\n")
AUTO_STR("\r\nError description: %s"),
diff --git a/src/browser.cpp b/src/browser.cpp
@@ -215,8 +215,9 @@ void Browser::onContextMenu(HWND target, const int x, const int y)
if(entry->test(InstalledFlag)) {
if(entry->test(OutOfDateFlag)) {
- auto_char installLabel[255] = {};
- auto_snprintf(installLabel, sizeof(installLabel), AUTO_STR("U&pdate to v%s"),
+ auto_char installLabel[32] = {};
+ auto_snprintf(installLabel, auto_size(installLabel),
+ AUTO_STR("U&pdate to v%s"),
make_autostring(entry->latest->name()).c_str());
const UINT actionIndex = menu.addAction(installLabel, ACTION_LATEST);
@@ -224,8 +225,9 @@ void Browser::onContextMenu(HWND target, const int x, const int y)
menu.check(actionIndex);
}
- auto_char reinstallLabel[255] = {};
- auto_snprintf(reinstallLabel, sizeof(reinstallLabel), AUTO_STR("&Reinstall v%s"),
+ auto_char reinstallLabel[32] = {};
+ auto_snprintf(reinstallLabel, auto_size(reinstallLabel),
+ AUTO_STR("&Reinstall v%s"),
make_autostring(entry->regEntry.version.name()).c_str());
const UINT actionIndex = menu.addAction(reinstallLabel, ACTION_REINSTALL);
@@ -235,8 +237,9 @@ void Browser::onContextMenu(HWND target, const int x, const int y)
menu.check(actionIndex);
}
else {
- auto_char installLabel[255] = {};
- auto_snprintf(installLabel, sizeof(installLabel), AUTO_STR("&Install v%s"),
+ auto_char installLabel[32] = {};
+ auto_snprintf(installLabel, auto_size(installLabel),
+ AUTO_STR("&Install v%s"),
make_autostring(entry->latest->name()).c_str());
const UINT actionIndex = menu.addAction(installLabel, ACTION_LATEST);
@@ -280,9 +283,9 @@ void Browser::onContextMenu(HWND target, const int x, const int y)
menu.setEnabled(!entry->test(ObsoleteFlag),
menu.addAction(AUTO_STR("Package &History"), ACTION_HISTORY));
- auto_char aboutLabel[255] = {};
+ auto_char aboutLabel[32] = {};
const auto_string &name = make_autostring(getValue(RemoteColumn, *entry));
- auto_snprintf(aboutLabel, sizeof(aboutLabel),
+ auto_snprintf(aboutLabel, auto_size(aboutLabel),
AUTO_STR("&About %s..."), name.c_str());
menu.addAction(aboutLabel, ACTION_ABOUT);
@@ -449,7 +452,7 @@ void Browser::populate()
catch(const reapack_error &e) {
const auto_string &desc = make_autostring(e.what());
auto_char msg[255] = {};
- auto_snprintf(msg, sizeof(msg),
+ auto_snprintf(msg, auto_size(msg),
AUTO_STR("ReaPack could not read from its package registry.\r\n")
AUTO_STR("Retry later once all installation task are completed.\r\n")
AUTO_STR("\r\nError description: %s"),
@@ -801,7 +804,7 @@ bool Browser::confirm() const
const size_t count = m_actions.size();
auto_char msg[255] = {};
- auto_snprintf(msg, sizeof(msg),
+ auto_snprintf(msg, auto_size(msg),
AUTO_STR("Confirm execution of %zu action%s?\n"),
count, count == 1 ? AUTO_STR("") : AUTO_STR("s"));
diff --git a/src/encoding.hpp b/src/encoding.hpp
@@ -49,4 +49,6 @@ typedef std::string auto_string;
#endif
+#define auto_size(buf) (sizeof(buf) / sizeof(auto_char))
+
#endif
diff --git a/src/main.cpp b/src/main.cpp
@@ -93,7 +93,7 @@ static void menuHook(const char *name, HMENU handle, int f)
menu.addSeparator();
auto_char aboutLabel[32] = {};
- auto_snprintf(aboutLabel, sizeof(aboutLabel),
+ auto_snprintf(aboutLabel, auto_size(aboutLabel),
AUTO_STR("&About ReaPack v%s"), make_autostring(ReaPack::VERSION).c_str());
menu.addAction(aboutLabel, NamedCommandLookup("_REAPACK_ABOUT"));
}
@@ -107,7 +107,7 @@ static bool checkLocation(REAPER_PLUGIN_HINSTANCE module)
#ifdef _WIN32
auto_char self[MAX_PATH] = {};
- GetModuleFileName(module, self, sizeof(self));
+ GetModuleFileName(module, self, auto_size(self));
Path current(from_autostring(self).c_str());
#else
Dl_info info{};
@@ -120,7 +120,7 @@ static bool checkLocation(REAPER_PLUGIN_HINSTANCE module)
return true;
auto_char msg[4096] = {};
- auto_snprintf(msg, sizeof(msg),
+ auto_snprintf(msg, auto_size(msg),
AUTO_STR("ReaPack was not loaded from the standard extension path")
AUTO_STR(" or its filename was altered.\n")
AUTO_STR("Move or rename it to the expected location and retry.\n\n")
diff --git a/src/manager.cpp b/src/manager.cpp
@@ -148,9 +148,9 @@ void Manager::onContextMenu(HWND target, const int x, const int y)
menu.addSeparator();
- auto_char aboutLabel[255] = {};
+ auto_char aboutLabel[32] = {};
const auto_string &name = make_autostring(remote.name());
- auto_snprintf(aboutLabel, sizeof(aboutLabel),
+ auto_snprintf(aboutLabel, auto_size(aboutLabel),
AUTO_STR("&About %s..."), name.c_str());
menu.addAction(aboutLabel, index | (ACTION_ABOUT << 8));
@@ -272,7 +272,7 @@ bool Manager::confirm() const
const size_t uninstallSize = m_uninstall.size();
auto_char msg[255] = {};
- auto_snprintf(msg, sizeof(msg),
+ auto_snprintf(msg, auto_size(msg),
AUTO_STR("Uninstall %zu repositories%s?\n")
AUTO_STR("Every file they contain will be removed from your computer."),
uninstallSize, uninstallSize == 1 ? AUTO_STR("") : AUTO_STR("s"));
diff --git a/src/progress.cpp b/src/progress.cpp
@@ -73,7 +73,7 @@ void Progress::addDownload(Download *dl)
void Progress::updateProgress()
{
auto_char label[1024] = {};
- auto_snprintf(label, sizeof(label), AUTO_STR("Downloading %d of %d: %s"),
+ auto_snprintf(label, auto_size(label), AUTO_STR("Downloading %d of %d: %s"),
min(m_done + 1, m_total), m_total, m_currentName.c_str());
SetWindowText(m_label, label);
@@ -82,7 +82,7 @@ void Progress::updateProgress()
const int percent = (int)(pos * 100);
auto_char title[255] = {};
- auto_snprintf(title, sizeof(title),
+ auto_snprintf(title, auto_size(title),
AUTO_STR("ReaPack: Download in progress (%d%%)"), percent);
SendMessage(m_progress, PBM_SETPOS, percent, 0);
diff --git a/src/reapack.cpp b/src/reapack.cpp
@@ -417,7 +417,7 @@ void ReaPack::doFetchIndex(const Remote &remote, DownloadQueue *queue,
const auto warn = [=] (const string &desc, const auto_char *title) {
auto_char msg[512] = {};
- auto_snprintf(msg, sizeof(msg),
+ auto_snprintf(msg, auto_size(msg),
AUTO_STR("ReaPack could not download %s's index.\n\n")
AUTO_STR("Try again later. ")
@@ -459,7 +459,7 @@ IndexPtr ReaPack::loadIndex(const Remote &remote, HWND parent)
const auto_string &desc = make_autostring(e.what());
auto_char msg[512] = {};
- auto_snprintf(msg, sizeof(msg),
+ auto_snprintf(msg, auto_size(msg),
AUTO_STR("ReaPack could not read %s's index.\n\n")
AUTO_STR("Synchronize your packages and try again later.\n")
@@ -490,7 +490,7 @@ Transaction *ReaPack::createTransaction()
const auto_string &desc = make_autostring(e.what());
auto_char msg[512] = {};
- auto_snprintf(msg, sizeof(msg),
+ auto_snprintf(msg, auto_size(msg),
AUTO_STR("The following error occurred while creating a transaction:\n\n%s"),
desc.c_str()
);
@@ -576,7 +576,7 @@ void ReaPack::registerSelf()
const auto_string &desc = make_autostring(e.what());
auto_char msg[255] = {};
- auto_snprintf(msg, sizeof(msg),
+ auto_snprintf(msg, auto_size(msg),
AUTO_STR("ReaPack could not register itself! Please report this issue.\n\n")
AUTO_STR("Error description: %s"), desc.c_str());
diff --git a/test/encoding.cpp b/test/encoding.cpp
@@ -25,3 +25,8 @@ TEST_CASE("string to wstring to string", M) {
REQUIRE(str == "Новая папка");
}
}
+
+TEST_CASE("auto_size", M) {
+ auto_char test[42] = {};
+ REQUIRE(auto_size(test) == 42);
+}
