diff options
author | jan.nijtmans <nijtmans@users.sourceforge.net> | 2023-05-24 15:16:14 (GMT) |
---|---|---|
committer | jan.nijtmans <nijtmans@users.sourceforge.net> | 2023-05-24 15:16:14 (GMT) |
commit | 6c1bdd15d6fabcc595c0fefdb9994800f21cf07d (patch) | |
tree | 49edc03de8cb44cef4cd9399656402c23fe131b2 /win/tclWinDde.c | |
parent | 2acd355f8dc8e75b3a63b7b1dc079ebccb3a2701 (diff) | |
download | tcl-6c1bdd15d6fabcc595c0fefdb9994800f21cf07d.zip tcl-6c1bdd15d6fabcc595c0fefdb9994800f21cf07d.tar.gz tcl-6c1bdd15d6fabcc595c0fefdb9994800f21cf07d.tar.bz2 |
More size protection for winDde
Diffstat (limited to 'win/tclWinDde.c')
-rw-r--r-- | win/tclWinDde.c | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/win/tclWinDde.c b/win/tclWinDde.c index 697aae6..3377bfa 100644 --- a/win/tclWinDde.c +++ b/win/tclWinDde.c @@ -313,12 +313,12 @@ DdeSetServerName( Tcl_Obj *handlerPtr) /* Name of the optional proc/command to handle * incoming Dde eval's */ { - int suffix, offset; + int suffix; RegisteredInterp *riPtr, *prevPtr; Tcl_DString dString; const WCHAR *actualName; Tcl_Obj *srvListPtr = NULL, **srvPtrPtr = NULL; - Tcl_Size n, srvCount = 0; + Tcl_Size n, srvCount = 0, offset; int lastSuffix, r = TCL_OK; ThreadSpecificData *tsdPtr = TCL_TSD_INIT(&dataKey); @@ -942,8 +942,8 @@ DdeServerProc( */ HSZPAIR *returnPtr; - int i; - int numItems; + Tcl_Size i; + DWORD numItems; for (i = 0, riPtr = tsdPtr->interpListPtr; riPtr != NULL; i++, riPtr = riPtr->nextPtr) { @@ -952,12 +952,15 @@ DdeServerProc( */ } - numItems = i; + if ((size_t)i >= UINT_MAX/sizeof(HSZPAIR)) { + return NULL; + } + numItems = (DWORD)i; ddeReturn = DdeCreateDataHandle(ddeInstance, NULL, - (numItems + 1) * sizeof(HSZPAIR), 0, 0, 0, 0); + (numItems + 1) * (DWORD)sizeof(HSZPAIR), 0, 0, 0, 0); returnPtr = (HSZPAIR *) DdeAccessData(ddeReturn, &dlen); len = dlen; - for (i = 0, riPtr = tsdPtr->interpListPtr; i < numItems; + for (i = 0, riPtr = tsdPtr->interpListPtr; i < (Tcl_Size)numItems; i++, riPtr = riPtr->nextPtr) { returnPtr[i].hszSvc = DdeCreateStringHandleW(ddeInstance, TCL_DDE_SERVICE_NAME, CP_WINUNICODE); @@ -1645,7 +1648,7 @@ DdeObjCmd( if ((tmp >= sizeof(WCHAR)) && !dataString[tmp / sizeof(WCHAR) - 1]) { - tmp -= sizeof(WCHAR); + tmp -= (DWORD)sizeof(WCHAR); } Tcl_DStringInit(&dsBuf); Tcl_WCharToUtfDString(dataString, tmp>>1, &dsBuf); |