procyberian/emacs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix issues found by auditing w32notify code

Browse source 
* src/w32inevt.c (handle_file_notifications): Count the number of
events to be returned.
* src/w32notify.c (send_notifications): Don't copy to the file
notification buffer more than it can hold.  (Bug#22534)
This commit is contained in:
Eli Zaretskii 2016-02-06 18:30:35 +02:00
parent 87ae21858a
commit be1d87492e
2 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
src/w32inevt.c
View file

@ -660,6 +660,7 @@ handle_file_notifications (struct input_event *hold_quit)
inev.arg = list3 (make_pointer_integer (notifications_desc),
action, fname);
kbd_buffer_store_event_hold (&inev, hold_quit);
nevents++;
if (!fni->NextEntryOffset)
break;

5
src/w32notify.c
View file

@ -144,8 +144,9 @@ send_notifications (BYTE *info, DWORD info_size, void *desc,
if (!notification_buffer_in_use)
{
if (info_size)
memcpy (file_notifications, info, info_size);
notifications_size = info_size;
memcpy (file_notifications, info,
min (info_size, sizeof (file_notifications)));
notifications_size = min (info_size, sizeof (file_notifications));
notifications_desc = desc;
/* If PostMessage fails, the message queue is full. If that
happens, the last thing they will worry about is file