AMGetWideString is bugged
eezstreet opened this issue · 0 comments
eezstreet commented
AMGetWideString in Samples/Win7Samples/multimedia/directshow/baseclasses/wxutil.cpp is bugged:
// Return a wide string - allocating memory for it
// Returns:
// S_OK - no error
// E_POINTER - ppszReturn == NULL
// E_OUTOFMEMORY - can't allocate memory for returned string
STDAPI AMGetWideString(LPCWSTR psz, __deref_out LPWSTR *ppszReturn)
{
CheckPointer(ppszReturn, E_POINTER);
ValidateReadWritePtr(ppszReturn, sizeof(LPWSTR));
*ppszReturn = NULL;
ASSERT(psz);
const size_t nameLen = wcslen(psz);
*ppszReturn = (LPWSTR)CoTaskMemAlloc(nameLen + sizeof(WCHAR));
if (*ppszReturn == NULL) {
return E_OUTOFMEMORY;
}
CopyMemory(*ppszReturn, psz, nameLen + sizeof(WCHAR));
return NOERROR;
}
There's two lines that are problematic:
*ppszReturn = (LPWSTR)CoTaskMemAlloc(nameLen + sizeof(WCHAR));
...
CopyMemory(*ppszReturn, psz, nameLen + sizeof(WCHAR));
These should be * sizeof(WCHAR)
, not + sizeof(WCHAR)
. As a result this function won't copy the full string over, rather it will copy a small section of it and won't null-terminate it correctly.
This function is used in CBasePropertyPage::GetPageInfo
in DirectShow, causing any property pages by custom DirectShow filters to have their titles render incorrectly.