[REGEDIT] Fix crashes in regedit-find affecting CORE-15986 and CORE-18230 #5146
This is not how to use SEH. If there is a crash without SEH, then there is a bug, like a buffer overflow. Please remove SEH and fix that bug instead.
Closed in favor of #5150.
Reopening to only fix read beyond end of buffer crashes.
febdf73 to 2e5cda2
} | ||
|
||
/* To avoid buffer overrun, append 3 NUL bytes. | ||
NOTE: cb can be an odd number although UNICODE_NULL is two bytes. |
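Review bot: the comment that starts "To avoid buffer overrun, append 3 NUL bytes" does not say why three bytes are needed or what that demands of the buffer. With cb possibly odd and UNICODE_NULL two bytes wide, one byte pads the data to a WCHAR boundary and two form the terminator, so the buffer receiving the value has to be at least cb + 3 bytes. Say so in the comment and check it against the allocation, which is not visible in this hunk; otherwise the append itself writes past the end of the buffer.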
I wouldn't put this much work into it TBH. I'd say just write a single UNICODE_NULL -- if the string is an odd length, overwrite the last byte. I.e.
PWCHAR ValueBuffer = (PWCHAR)pb;
ValueBuffer[cb / sizeof(WCHAR)] = UNICODE_NULL;
Weird data in the registry just happens. To me, it doesn't seem worth even DPRINTing for. Except maybe from a dedicated tool that helps us find bugs by pointing out weird registry data so we can locate and fix the code that wrote it.
I tested your suggestion by going to 'master' and adding your two lines at line number 234. This was right after the RegQueryValueEx and its checking for returned value error. This produced a very quick crash with the log as follows:
Unhandled exception
ExceptionCode: c0000005
Faulting Address: 20230A38
CS:EIP 1b:7c93f73a
DS 23 ES 23 FS 3b GS 0
EAX: 00230a3c EBX: 0024e218 ECX: ffffffff
EDX: 07ffffff EBP: 0022dc38 ESI: 00230000 ESP: 0022dc38
EDI: ffffffff EFLAGS: 00010a07
*** Assertion failed: FreeEntry->PreviousSize == CurrentEntry->Size
*** Source File: ../sdk/lib/rtl/heap.c, line 1166
Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)?
kdb:> o
Execute '.cxr 0022CD60' to dump context
traywnd.cpp:3259: Unexpected failure (m_TrayBandSite->ProcessMessage(m_hWnd, uMsg, wParam, lParam, &Ret))=80004005.
fixme:(dll/win32/imm32/ctf.c:77) (04090409)
aclmulti.cpp:62: Unexpected failure (punk->QueryInterface(IID_PPV_ARG(IACList, &fObjects[fObjectCount].pACL)))=80004002.
err:(dll/win32/shlwapi/autocomp.cpp:51) punk->QueryInterface failed: 0x80004002
fixme:(dll/win32/shlwapi/url.c:1977) (L"regedit" 4): stub
fixme:(dll/win32/shell32/shlexec.cpp:1926) flags ignored: 0x00000100
fixme:(dll/win32/imm32/ctf.c:77) (04090409)
Unhandled exception
ExceptionCode: c0000005
Faulting Address: 20230A38
CS:EIP 1b:7c93f73a
DS 23 ES 23 FS 3b GS 0
EAX: 00230a3c EBX: 0024e218 ECX: ffffffff
EDX: 07ffffff EBP: 0022dc38 ESI: 00230000 ESP: 0022dc38
EDI: ffffffff EFLAGS: 00010a07
*** Assertion failed: FreeEntry->PreviousSize == CurrentEntry->Size
*** Source File: ../sdk/lib/rtl/heap.c, line 1166
Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)?
kdb:> O
Execute '.cxr 0022CD60' to dump context
Suggestions? Thanks for your help on this.
Later: Maybe I should have done this only after checking for an odd number of bytes returned?
But this does not handle the case where we are missing a UNICODE_NULL at the end of the string?
Reason for editing: Jira wanted to turn my pound sign with number following into a link. :(
PWCHAR ValueBuffer = (PWCHAR)pb; ValueBuffer[cb / sizeof(WCHAR)] = UNICODE_NULL;
This broke the original data. I would reject it.
Jesus. When a unicode string has an odd size in bytes, there is a major problem. This doesn't just happen. It means there is a bug somewhere. This whole "let's ignore the bug and just pretend it's all good" thing is not the way to go. Can we please stop adding hacks and fix the shit where it is broken? "X crashes and Y does not, so Y must be the correct code" is complete BS. If there is a crash, then there is a bug somewhere. Find it! Stop being lazy asses and commit hacks to work around existing bugs that you are too lazy to find.
I unresolved this conversation with the aim to make @tkreuzer's comment more visible in the future.
Please leave it in unresolved state.
In any case, a registry viewer/editor should not crash when it encounters malformed data.
The data comes from the registry. If it is malformed, there is either a bug in the kernel or - and that is more likely - a bug in some other regedit code. Either way, someone needs to investigate it instead of blindly assuming that random crashes on invalid data are simply something "normal".
DebugBreak();
will be added for odd size.
Please don't add extra code for this. Just handle it safely without crashing. If we want to find bugs in places that write to the registry, let's have a separate scanner tool.
My suggestion from the top of this thread still stands. The only reason it crashed is because the malloc call needs space for the extra null terminator, just like it does with the weird 3-byte solution.
Fixes crashes in regedit-find affecting CORE-15896 and CORE-18230.
6870acc to f74db7e
Thanks for everyone's help with reviews on this and thanks to @katahiromz for committing it.
We will check the data size correctly, instead of 3 NUL byte appending hack. Add bSelectNone parameter to UpdateAddress and RefreshListView functions. If bSelectNone is TRUE, then select nothing of ListView. Fix item selection of ListView. Rename CompareData helper function as MatchData and improve it. Improve the search algorithm. If the item selection of ListView changed, scroll down to the item. Follow up to #5146. CORE-15986, CORE-18230
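One way to check the data size instead of appending terminators, shown as an added example in portable C (not ReactOS code): every read is bounded by cb, a stray odd byte is never treated as part of a character, and the terminator goes only into a separately allocated copy. The `wchar16` type, the `reg_sz_*` function names and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

typedef uint16_t wchar16;   /* stand-in for the 2-byte Windows WCHAR */

/* Read UTF-16LE unit i from raw bytes (no alignment or endianness assumptions). */
static wchar16 unit_at(const unsigned char *pb, size_t i)
{
    return (wchar16)(pb[2 * i] | (pb[2 * i + 1] << 8));
}

/* Length in WCHARs of the string stored in pb[0..cb): stops at the first
 * UNICODE_NULL or at the last whole WCHAR, whichever comes first. A stray
 * odd trailing byte is never read as part of a character. */
size_t reg_sz_length(const unsigned char *pb, size_t cb)
{
    size_t max_units = cb / sizeof(wchar16);
    size_t len = 0;
    while (len < max_units && unit_at(pb, len) != 0)
        len++;
    return len;
}

/* Terminated copy for callers that need a C string. The allocation includes
 * room for the terminator, and the source bytes are left untouched. */
wchar16 *reg_sz_dup(const unsigned char *pb, size_t cb, size_t *out_len)
{
    size_t len = reg_sz_length(pb, cb);
    wchar16 *copy = malloc((len + 1) * sizeof(wchar16));
    if (copy == NULL)
        return NULL;
    for (size_t i = 0; i < len; i++)
        copy[i] = unit_at(pb, i);
    copy[len] = 0;
    if (out_len != NULL)
        *out_len = len;
    return copy;
}

/* Bounded search: 1 if needle (n WCHARs) occurs in the value, else 0. */
int reg_sz_contains(const unsigned char *pb, size_t cb,
                    const wchar16 *needle, size_t n)
{
    size_t len = reg_sz_length(pb, cb);
    if (n == 0 || n > len)
        return n == 0;
    for (size_t start = 0; start + n <= len; start++) {
        size_t k = 0;
        while (k < n && unit_at(pb, start + k) == needle[k])
            k++;
        if (k == n)
            return 1;
    }
    return 0;
}

/* Constructed sample values (UTF-16LE bytes), not taken from a real hive. */
const unsigned char SAMPLE_UNTERMINATED[] = { 'a',0, 'b',0, 'c',0 };       /* cb = 6 */
const unsigned char SAMPLE_ODD[]          = { 'a',0, 'b',0, 'c',0, 'd' };  /* cb = 7 */
const unsigned char SAMPLE_EMBEDDED_NUL[] = { 'a',0, 0,0, 'x',0 };         /* cb = 6 */
const wchar16 NEEDLE_BC[] = { 'b', 'c' };
const wchar16 NEEDLE_CD[] = { 'c', 'd' };

int main(void)
{
    size_t n = 0;
    wchar16 *s = reg_sz_dup(SAMPLE_ODD, sizeof SAMPLE_ODD, &n);
    int ok = s != NULL && n == 3 && s[3] == 0
          && reg_sz_contains(SAMPLE_UNTERMINATED, sizeof SAMPLE_UNTERMINATED, NEEDLE_BC, 2)
          && !reg_sz_contains(SAMPLE_ODD, sizeof SAMPLE_ODD, NEEDLE_CD, 2);
    free(s);
    return ok ? 0 : 1;
}
```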
0.4.15-dev-5985-g 31fdaca [REGEDIT] Strip redundant include, minor formatting (#5264)
0.4.15-dev-5970-g 9d7d331 [REGEDIT] Check whether pszSelectKey is NULL on CDN_FILEOK (#5255)
0.4.15-dev-5898-g 84e580b [REGEDIT] Fix ListView selection and finding (#5150)
(superseded) 0.4.15-dev-5802-g cce3eb9 Fix buffer read past end problem. (#5146) CORE-15896 and CORE-18230
partially 0.4.15-dev-5753-g 1ee9ea4 [REGEDIT] Avoid buffer overflow in SelectNode. CORE-18602 (I left the wscpy-replacement at the end for the fixed size strings, as they would increase binary size, and are totally safe)
partially 0.4.15-dev-5308-g 5daf5cd [REGEDIT] Use shell icons for the tree view (#4841) CORE-10764
0.4.15-dev-4850-g 568383c [REGEDIT] Fix issue at Find registry key (#4341)
partially 0.4.15-dev-2265-g bebdfda [REGEDIT]... Use newer file open dialog (#3571)
0.4.15-dev-1470-g 9de8787 [REGEDIT] Display search finished messagebox when using Find Next (F3) menu item (#3371) CORE-17368
0.4.15-dev-1302-g 6aae5f4 [REGEDIT] Make "finished find" messagebox owned by Regedit window (#3369) CORE-17367
0.4.15-dev-169-g 0461de3 [REGEDIT] Fix HeapFree() on the wrong variable (#2736)
0.4.14-dev-1484-g c832112 [REGEDIT] Fix tree view popup menu issues CORE-16887
0.4.14-dev-1468-g 763de23 [REGEDIT] Fix inconsistent menu state for 'Permissions' CORE-16889
a more efficient solution than 0.4.14-dev-1467-g b280615 [REGEDIT] Crash on selecting 'New' on root item 'My computer' CORE-16888
0.4.14-dev-1466-g 13dd917 [REGEDIT] CORE-16892 fr-FR Translation update
0.4.13-dev-464-g 6b95727 [REGEDIT] Adjust ListView column widths (#1663) CORE-15187
0.4.12-dev-47-g 63a0ac0 [REGEDIT] Set background brush to child window (#1122) CORE-15442
0.4.11-dev-481-g efbebf9 [REGEDIT] Improve the layout of controls (#967) CORE-15187
0.4.11-dev-480-g e4c2cff [REGEDIT] Don't paint background in WM_PAINT (#970) CORE-15187
0.4.11-dev-458-g 125db5e [REGEDIT] Trivial resizing code fix (#950)
0.4.11-dev-457-g b3231e0 [REGEDIT] Code formatting (#949)
0.4.10-dev-244-g b941574 [REGEDIT] Fix importing very big *.reg files (HEX values commonly) (#618)
a few fragments only of 0.4.15-dev-5304-g 36a7f0d [REGEDIT] framewnd.c resize_frame_rect(), main.h strip externs before func declarations and reordering, treeview.c InitTreeViewImageLists()
also port back a few selected translation improvements, and strip the suggestions-feature in older branches <= 0.4.13 which does not exist in 2k3sp2.
Purpose
Fix crashes in regedit-find.
JIRA issue: CORE-15986
JIRA issue: CORE-18230
Proposed changes
After possible RegQueryValueExW append 3 zero bytes to guarantee that we will end with a UNICODE NULL.