Fix #5121: Determine actual string length for input data
authorArmin Novak <armin.novak@thincast.com>
Mon, 10 Dec 2018 11:41:04 +0000 (12:41 +0100)
committerArmin Novak <armin.novak@thincast.com>
Mon, 10 Dec 2018 11:41:04 +0000 (12:41 +0100)
ConvertFromUnicode ignores '\0' sequences when the length of the input
string is given. Clipboard strings may be larger than the actual string
length and padded with random data leading to decoding errors.
Limit the length to the first occurrence of a '\0'.

winpr/libwinpr/clipboard/synthetic.c

index 981cc56..52606b1 100644 (file)
@@ -46,14 +46,15 @@ static void* clipboard_synthesize_cf_text(wClipboard* clipboard, UINT32 formatId
 
        if (formatId == CF_UNICODETEXT)
        {
+               size_t wsize;
                char* str = NULL;
 
                if (*pSize > INT32_MAX)
                        return NULL;
 
-               size = (int) * pSize;
-               size = ConvertFromUnicode(CP_UTF8, 0, (WCHAR*) data,
-                                         size / 2, (CHAR**) &str, 0, NULL, NULL);
+               wsize = _wcsnlen(data, (*pSize) / 2);
+               size = ConvertFromUnicode(CP_UTF8, 0, (LPCWSTR) data,
+                                         wsize, (CHAR**) &str, 0, NULL, NULL);
 
                if (!str)
                        return NULL;
@@ -168,9 +169,9 @@ static void* clipboard_synthesize_utf8_string(wClipboard* clipboard, UINT32 form
 
        if (formatId == CF_UNICODETEXT)
        {
-               size = (INT64) * pSize;
-               size = ConvertFromUnicode(CP_UTF8, 0, (WCHAR*) data,
-                                         size / 2, (CHAR**) &pDstData, 0, NULL, NULL);
+               size_t wsize = _wcsnlen(data, (*pSize) / 2);
+               size = ConvertFromUnicode(CP_UTF8, 0, (LPWSTR) data,
+                                         wsize, (CHAR**) &pDstData, 0, NULL, NULL);
 
                if (!pDstData)
                        return NULL;