Modify

Opened 10 years ago

Closed 10 years ago

#1260 closed Bug (Fixed)

Buffer overflow in _WinAPI_GetLastErrorMessage()

Reported by: danielkza Owned by: Valik
Milestone: 3.3.1.5 Component: Standard UDFs
Version: 3.3.1.3 Severity: Blocking
Keywords: Cc:

Description

Func _WinAPI_GetLastErrorMessage()
  Local $tText

  $tText = DllStructCreate("char Text[4096]")

 _WinAPI_FormatMessage($__WINAPCONSTANT_FORMAT_MESSAGE_FROM_SYSTEM, 0, _WinAPI_GetLastError(), 0, DllStructGetPtr($tText), 4096, 0)
  Return DllStructGetData($tText, "Text")
EndFunc   ;==>_WinAPI_GetLastErrorMessage

The 'nSize' parameter passed is not accounting for the terminating null character: it should be 4095, or the array size should be changed to 4097, according to MSDN's example code.

Another solution (a more elegant one, in my view) is letting FormatMessage allocate the buffer. The attached file contains a implementation of this method.

Thank you,
Daniel

Attachments (1)

WinAPI_GetLastErrorMessageW.au3 (1.0 KB) - added by danielkza 10 years ago.
WinAPI_GetLastErrorMessageW

Download all attachments as: .zip

Change History (3)

Changed 10 years ago by danielkza

WinAPI_GetLastErrorMessageW

comment:1 Changed 10 years ago by Valik

  • Severity changed from None to Blocking

comment:2 Changed 10 years ago by Valik

  • Milestone set to 3.3.1.5
  • Owner changed from Gary to Valik
  • Resolution set to Fixed
  • Status changed from new to closed

Fixed by revision [5355] in version: 3.3.1.5

Guidelines for posting comments:

  • You cannot re-open a ticket but you may still leave a comment if you have additional information to add.
  • In-depth discussions should take place on the forum.

For more information see the full version of the ticket guidelines here.

Add Comment

Modify Ticket

Action
as closed The owner will remain Valik.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.