mirror/JUCE
1
0
Fork 0
mirror of https://github.com/juce-framework/JUCE.git synced 2026-01-10 23:44:24 +00:00
Code Activity

NativeMessageBox: Fix string pointer use-after-free

Browse source 
toWideCharPointer() returns a pointer to a buffer managed by the String.
The wchar_t pointers are not read until the invocation of
TaskDialogIndirect, so the String instances must remain alive until this
point.
This commit is contained in:
reuk 2024-09-04 13:43:30 +01:00
parent add3a5de0d
commit e598337655
1 changed files with 7 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

10
modules/juce_gui_basics/native/juce_NativeMessageBox_windows.cpp
View file

@ -100,12 +100,15 @@ std::unique_ptr<ScopedMessageBoxInterface> ScopedMessageBoxInterface::create (co
return [this, parent]
{
const auto title = options.getTitle();
const auto message = options.getMessage();
TASKDIALOGCONFIG config{};
config.cbSize = sizeof (config);
config.hwndParent = parent;
config.pszWindowTitle = options.getTitle().toWideCharPointer();
config.pszContent = options.getMessage().toWideCharPointer();
config.pszWindowTitle = title.toWideCharPointer();
config.pszContent = message.toWideCharPointer();
config.hInstance = (HINSTANCE) Process::getCurrentModuleInstanceHandle();
config.lpCallbackData = reinterpret_cast<LONG_PTR> (this);
config.pfCallback = [] (HWND hwnd, UINT msg, WPARAM, LPARAM, LONG_PTR lpRefData)
@ -154,11 +157,12 @@ std::unique_ptr<ScopedMessageBoxInterface> ScopedMessageBoxInterface::create (co
}();
}
std::vector<String> buttonStrings;
std::vector<TASKDIALOG_BUTTON> buttonLabels;
for (auto i = 0; i < options.getNumButtons(); ++i)
if (const auto buttonText = options.getButtonText (i); buttonText.isNotEmpty())
buttonLabels.push_back ({ (int) buttonLabels.size(), buttonText.toWideCharPointer() });
buttonLabels.push_back ({ (int) buttonLabels.size(), buttonStrings.emplace_back (buttonText).toWideCharPointer() });
config.pButtons = buttonLabels.data();
config.cButtons = (UINT) buttonLabels.size();