Modify

Opened on Oct 31, 2009 at 4:49:51 PM

Closed on Nov 2, 2009 at 8:45:07 PM

#1260 closed Bug (Fixed)

Buffer overflow in _WinAPI_GetLastErrorMessage()

Reported by: danielkza Owned by: Valik
Milestone: 3.3.1.5 Component: Standard UDFs
Version: 3.3.1.3 Severity: Blocking
Keywords: Cc:

Description 

Func _WinAPI_GetLastErrorMessage()
  Local $tText

  $tText = DllStructCreate("char Text[4096]")

 _WinAPI_FormatMessage($__WINAPCONSTANT_FORMAT_MESSAGE_FROM_SYSTEM, 0, _WinAPI_GetLastError(), 0, DllStructGetPtr($tText), 4096, 0)
  Return DllStructGetData($tText, "Text")
EndFunc   ;==>_WinAPI_GetLastErrorMessage

The 'nSize' parameter passed is not accounting for the terminating null character: it should be 4095, or the array size should be changed to 4097, according to MSDN's example code.

Another solution (a more elegant one, in my view) is letting FormatMessage allocate the buffer. The attached file contains a implementation of this method.

Thank you,
Daniel

Attachments (1)

WinAPI_GetLastErrorMessageW.au3 (1.0 KB ) - added by danielkza on Oct 31, 2009 at 4:51:39 PM.
WinAPI_GetLastErrorMessageW

Download all attachments as: .zip

Change History (3)

by danielkza, on Oct 31, 2009 at 4:51:39 PM

Attachment: WinAPI_GetLastErrorMessageW.au3 added

WinAPI_GetLastErrorMessageW

comment:1 by Valik, on Nov 1, 2009 at 11:05:05 PM

Severity: NoneBlocking

comment:2 by Valik, on Nov 2, 2009 at 8:45:07 PM

Milestone: 3.3.1.5
Owner: changed from Gary to Valik
Resolution: Fixed
Status: newclosed

Fixed by revision [5355] in version: 3.3.1.5

Modify Ticket

Action
as closed The owner will remain Valik.

Add Comment
E-mail address and name can be saved in the Preferences .
AttachmentsDescription
 
Note: See TracTickets for help on using tickets.