gwin32packageparser: Fix read past end of buffer

g_win32_package_parser_enum_packages() reads beyond the end of a buffer
when doing a memcpy.  With app verifier enabled on Windows, it causes
the application to crash on startup.

This change limits the memcpy to the size of the source string.

Fixes: #2454
This commit is contained in:
Jonathan Boeing 2021-08-04 08:55:13 -07:00
parent 709df8eeb4
commit 032eceb9a1

View File

@ -390,7 +390,7 @@ g_win32_package_parser_enum_packages (GWin32PackageParserCallback callback,
wcs_path = LoadedWindowsGetStringRawBuffer (path, NULL);
manifest_filename_size = wcslen (wcs_path) + wcslen (bslash_appmanifest);
manifest_filename = g_new (wchar_t, manifest_filename_size + 1);
memcpy (manifest_filename, wcs_path, manifest_filename_size * sizeof (wchar_t));
memcpy (manifest_filename, wcs_path, wcslen (wcs_path) * sizeof (wchar_t));
memcpy (&manifest_filename[wcslen (wcs_path)], bslash_appmanifest, (wcslen (bslash_appmanifest) + 1) * sizeof (wchar_t));
memset (sax, 0, sizeof (*sax));