diff options
author | Alex Gaynor <agaynor@mozilla.com> | 2019-02-07 14:08:09 +0100 |
---|---|---|
committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-02-07 14:08:09 +0100 |
commit | 0b6d9a47051be9ef4d064c6f7c60717da91d0bc2 (patch) | |
tree | cae411f553b97800e518e6bf79b7860fdb8d3dc6 | |
parent | 6567bb631a78033b6b4cc32bc93e07d837652276 (diff) | |
download | UXP-0b6d9a47051be9ef4d064c6f7c60717da91d0bc2.tar UXP-0b6d9a47051be9ef4d064c6f7c60717da91d0bc2.tar.gz UXP-0b6d9a47051be9ef4d064c6f7c60717da91d0bc2.tar.lz UXP-0b6d9a47051be9ef4d064c6f7c60717da91d0bc2.tar.xz UXP-0b6d9a47051be9ef4d064c6f7c60717da91d0bc2.zip |
Handle pasted data of certain types with an odd length.
-rw-r--r-- | widget/windows/nsClipboard.cpp | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/widget/windows/nsClipboard.cpp b/widget/windows/nsClipboard.cpp index 0db1dd342..432badeb5 100644 --- a/widget/windows/nsClipboard.cpp +++ b/widget/windows/nsClipboard.cpp @@ -283,16 +283,19 @@ nsresult nsClipboard::GetGlobalData(HGLOBAL aHGBL, void ** aData, uint32_t * aLe { // Allocate a new memory buffer and copy the data from global memory. // Recall that win98 allocates to nearest DWORD boundary. As a safety - // precaution, allocate an extra 2 bytes (but don't report them!) and - // null them out to ensure that all of our strlen calls will succeed. + // precaution, allocate an extra 3 bytes (but don't report them in |aLen|!) + // and null them out to ensure that all of our NS_strlen calls will succeed. + // NS_strlen operates on char16_t, so we need 3 NUL bytes to ensure it finds + // a full NUL char16_t when |*aLen| is odd. nsresult result = NS_ERROR_FAILURE; if (aHGBL != nullptr) { LPSTR lpStr = (LPSTR) GlobalLock(aHGBL); DWORD allocSize = GlobalSize(aHGBL); - char* data = static_cast<char*>(malloc(allocSize + sizeof(char16_t))); + char* data = static_cast<char*>(malloc(allocSize + 3)); if ( data ) { memcpy ( data, lpStr, allocSize ); - data[allocSize] = data[allocSize + 1] = '\0'; // null terminate for safety + data[allocSize] = data[allocSize + 1] = data[allocSize + 2] = + '\0'; // null terminate for safety GlobalUnlock(aHGBL); *aData = data; |