Fix incorrect pointer arithmetic in w32_filesel.c
authorAndrej Kacian <ticho@claws-mail.org>
Sat, 29 Dec 2018 14:51:35 +0000 (15:51 +0100)
committerAndrej Kacian <ticho@claws-mail.org>
Sat, 29 Dec 2018 14:51:35 +0000 (15:51 +0100)
This caused the lpstrFilter parameter to be set up
incorrectly, and a buffer overflow.

src/gtk/w32_filesel.c

index 1aa6902..3a37b7b 100644 (file)
@@ -169,8 +169,7 @@ static const gboolean _file_open_dialog(const gchar *path, const gchar *title,
                sz = sizeof(gunichar2);
                win_filter16 = g_malloc0(conv_items*sz*2 + sz*3);
                memcpy(win_filter16, filter16, conv_items*sz);
-               memcpy(win_filter16 + conv_items*sz + sz, filter16, conv_items*sz);
-               g_free(filter16);
+               memcpy(win_filter16 + conv_items + 1, filter16, conv_items*sz);
 
                if (error != NULL) {
                        debug_print("dialog title '%s' conversion to UTF-16 failed\n", title);