[Spice-devel] [PATCH vdagent] Fixing buffer overflow when reloading wallpaper

Sameeh Jubran sameeh at daynix.com
Mon Aug 1 10:22:40 UTC 2016


The function "SystemParametersInfo" expects the size of the
buffer in characters. When wchar is used instead of char (two
bytes instead of one byte per character), "sizeof" returns the wrong
number of characters (twice as many). A suitable solution would be to use
SPICE_N_ELEMENTS.

Based on patch by Sandy Stutsman <sstutsma at redhat.com>

Signed-off-by: Dmitry Fleytman <dfleytma at redhat.com>
Signed-off-by: Sameeh Jubran <sameeh at daynix.com>
---
 vdagent/display_setting.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/vdagent/display_setting.cpp b/vdagent/display_setting.cpp
index 1ec7397..c261b67 100644
--- a/vdagent/display_setting.cpp
+++ b/vdagent/display_setting.cpp
@@ -21,6 +21,7 @@
 #include <tlhelp32.h>
 #include "display_setting.h"
 #include "vdlog.h"
+#include "spice-protocol/spice/macros.h"
 
 enum DisplaySettingFlags {
     DISPLAY_SETTING_FLAGS_DISABLE_WALLPAPER = (1 << 0),
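Review bot: The added include spells the header as "spice-protocol/spice/macros.h", which only resolves if the directory containing spice-protocol is on the include path, while the neighbouring project headers ("display_setting.h", "vdlog.h") are included by bare name. Please confirm that every build configuration of the agent resolves this path. Since the header is pulled in for a single macro, a short trailing comment naming SPICE_N_ELEMENTS would also make the dependency easier to trace later.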
@@ -306,7 +307,7 @@ bool DisplaySetting::reload_wallpaper(HKEY desktop_reg_key)
         wallpaper_path[value_size] = '\0';
     }
 
-    if (SystemParametersInfo(SPI_GETDESKWALLPAPER, sizeof(cur_wallpaper), cur_wallpaper, 0)) {
+    if (SystemParametersInfo(SPI_GETDESKWALLPAPER, SPICE_N_ELEMENTS(cur_wallpaper), cur_wallpaper, 0)) {
         if (_tcscmp(cur_wallpaper, TEXT("")) != 0) {
             vd_printf("wallpaper wasn't disabled");
             return true;
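Review bot: SPICE_N_ELEMENTS(cur_wallpaper) on the changed SystemParametersInfo line gives the right count only if cur_wallpaper is a true array in this scope, and its declaration is not part of the hunk. If it is ever changed to a pointer or passed in as a parameter, the expression would still compile and silently yield a wrong length, so please confirm the declaration is a fixed-size TCHAR array and consider keeping it next to this call. The context line `wallpaper_path[value_size] = '\0';` is worth a look in the same pass: if value_size is a byte count while wallpaper_path is a TCHAR array, it is the same bytes-versus-characters mixup this patch fixes and the index could land past the end of the buffer.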
-- 
2.5.5


