You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Not sure what the default capacity of a default constructed StringBuilder class as stringbuilder.-ctor documentation says "the capacity is set to the implementation-specific default capacity."
However, the native Win32 API call GetKeyNameText requires that the given buffer size must be at least as big as the amount given in the third parameter.
In version 1 this is 100 in multiple places and may lead to buffer overflows in case the resulting key names are longer than the actual allocated memory:
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Not sure what the default capacity of a default constructed StringBuilder class as stringbuilder.-ctor documentation says "the capacity is set to the implementation-specific default capacity."
However, the native Win32 API call GetKeyNameText requires that the given buffer size must be at least as big as the amount given in the third parameter.
In version 1 this is 100 in multiple places and may lead to buffer overflows in case the resulting key names are longer than the actual allocated memory:
SystemTrayMenu/UserInterface/HotkeyTextboxControl/HotkeyControl.cs
Line 304 in 4cf4b98
SystemTrayMenu/UserInterface/HotkeyTextboxControl/HotkeyControl.cs
Line 323 in 4cf4b98
Suggestion, use defined capacity and pass actual buffer size to native call (as here in v2 example):
SystemTrayMenu/Helpers/GlobalHotkeys.cs
Line 187 in 60329d5
SystemTrayMenu/Helpers/GlobalHotkeys.cs
Line 193 in 60329d5
Beta Was this translation helpful? Give feedback.
All reactions