Commit be1d8749 authored by Eli Zaretskii's avatar Eli Zaretskii

Fix issues found by auditing w32notify code

* src/w32inevt.c (handle_file_notifications): Count the number of
events to be returned.
* src/w32notify.c (send_notifications): Don't copy to the file
notification buffer more than it can hold.  (Bug#22534)
parent 87ae2185
......@@ -660,6 +660,7 @@ handle_file_notifications (struct input_event *hold_quit)
inev.arg = list3 (make_pointer_integer (notifications_desc),
action, fname);
kbd_buffer_store_event_hold (&inev, hold_quit);
nevents++;
if (!fni->NextEntryOffset)
break;
......
......@@ -144,8 +144,9 @@ send_notifications (BYTE *info, DWORD info_size, void *desc,
if (!notification_buffer_in_use)
{
if (info_size)
memcpy (file_notifications, info, info_size);
notifications_size = info_size;
memcpy (file_notifications, info,
min (info_size, sizeof (file_notifications)));
notifications_size = min (info_size, sizeof (file_notifications));
notifications_desc = desc;
/* If PostMessage fails, the message queue is full. If that
happens, the last thing they will worry about is file
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment