microsoft / Windows-classic-samples

This repo contains samples that demonstrate the API used in Windows classic desktop applications.

AMGetWideString is bugged #234

Open eezstreet opened 2 years ago

eezstreet commented 2 years ago

AMGetWideString in Samples/Win7Samples/multimedia/directshow/baseclasses/wxutil.cpp is bugged:

// Return a wide string - allocating memory for it
// Returns:
//    S_OK          - no error
//    E_POINTER     - ppszReturn == NULL
//    E_OUTOFMEMORY - can't allocate memory for returned string
STDAPI AMGetWideString(LPCWSTR psz, __deref_out LPWSTR *ppszReturn)
{
    CheckPointer(ppszReturn, E_POINTER);
    ValidateReadWritePtr(ppszReturn, sizeof(LPWSTR));
    *ppszReturn = NULL;
    ASSERT(psz);
    const size_t nameLen = wcslen(psz);
    *ppszReturn = (LPWSTR)CoTaskMemAlloc(nameLen + sizeof(WCHAR));
    if (*ppszReturn == NULL) {
       return E_OUTOFMEMORY;
    }
    CopyMemory(*ppszReturn, psz, nameLen + sizeof(WCHAR));
    return NOERROR;
}

There are two lines that are problematic:

*ppszReturn = (LPWSTR)CoTaskMemAlloc(nameLen + sizeof(WCHAR));
...
CopyMemory(*ppszReturn, psz, nameLen + sizeof(WCHAR));

These should be * sizeof(WCHAR), not + sizeof(WCHAR). As a result, this function won't copy the full string over; rather, it will copy a small section of it and won't null-terminate it correctly.

This function is used in CBasePropertyPage::GetPageInfo in DirectShow, causing any property pages by custom DirectShow filters to have their titles render incorrectly.
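An added example, not part of the original issue or the repository's code: a portable sketch of the byte-count arithmetic behind the two quoted lines, with the buffer sized as (length + 1) code units so the terminator is included. It assumes 16-bit `char16_t` in place of `WCHAR` and `malloc` in place of `CoTaskMemAlloc` so it builds off Windows; `Len16`, `BuggyByteCount`, `SafeByteCount`, `DupWide` and `UnitsCopiedByBuggy` are hypothetical names.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>

// Assumption: 16-bit code units stand in for Windows WCHAR.
typedef char16_t WCHAR16;

// Length in code units, excluding the terminator (stand-in for wcslen).
static size_t Len16(const WCHAR16 *s) {
    size_t n = 0;
    while (s[n] != 0) ++n;
    return n;
}

// The size expression from the issue: a character count plus a byte count.
size_t BuggyByteCount(size_t nameLen) { return nameLen + sizeof(WCHAR16); }

// Whole code units that fit in the buggy byte count. For nameLen >= 2 this
// is <= nameLen, so the terminator is never copied.
size_t UnitsCopiedByBuggy(size_t nameLen) {
    return BuggyByteCount(nameLen) / sizeof(WCHAR16);
}

// Bytes for nameLen code units plus the terminator; false on size_t overflow.
bool SafeByteCount(size_t nameLen, size_t *cb) {
    if (nameLen >= SIZE_MAX / sizeof(WCHAR16)) return false;
    *cb = (nameLen + 1) * sizeof(WCHAR16);
    return true;
}

// Duplicate a wide string with the corrected size for both the allocation
// and the copy. Returns nullptr on null input, overflow or allocation
// failure; the caller frees the result with free().
WCHAR16 *DupWide(const WCHAR16 *psz) {
    if (psz == nullptr) return nullptr;
    size_t cb = 0;
    if (!SafeByteCount(Len16(psz), &cb)) return nullptr;
    WCHAR16 *out = static_cast<WCHAR16 *>(std::malloc(cb));
    if (out != nullptr) std::memcpy(out, psz, cb);
    return out;
}
```

For a 10-character title the original expression yields 12 bytes (6 code units, no terminator) where 22 bytes are needed, which matches the truncated property-page titles described above.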