Bug 1000030 - Don't let Windows overwrite length 0 strings. r=dmajor
authorJames Kitchener <jkitch.bug@gmail.com>
Sat, 26 Apr 2014 04:03:00 -0400
changeset 198934 766648238bd3c6bbdce631ac93ecc2678b1c61be
parent 198933 88f7fddea8058512b7652451adb972c2b41b55c3
child 198935 7dd1a04ced802e373c9c894d56c6aeffbcf05c75
push id3624
push userasasaki@mozilla.com
push dateMon, 09 Jun 2014 21:49:01 +0000
treeherdermozilla-beta@b1a5da15899a [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersdmajor
bugs1000030
milestone31.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1000030 - Don't let Windows overwrite length 0 strings. r=dmajor
xpcom/ds/nsWindowsRegKey.cpp
--- a/xpcom/ds/nsWindowsRegKey.cpp
+++ b/xpcom/ds/nsWindowsRegKey.cpp
@@ -317,17 +317,17 @@ nsWindowsRegKey::ReadStringValue(const n
     // The string passed to us had a null terminator in the final position.
     result.Truncate(resultLen-1);
   }
 
   // Expand the environment variables if needed
   if (type == REG_EXPAND_SZ) {
     const nsString &flatSource = PromiseFlatString(result);
     resultLen = ExpandEnvironmentStringsW(flatSource.get(), nullptr, 0);
-    if (resultLen > 0) {
+    if (resultLen > 1) {
       nsAutoString expandedResult;
       // |resultLen| includes the terminating null character
       --resultLen;
       expandedResult.SetLength(resultLen);
       nsAString::iterator begin;
       expandedResult.BeginWriting(begin);
       if (begin.size_forward() != resultLen)
         return NS_ERROR_OUT_OF_MEMORY;
@@ -337,16 +337,19 @@ nsWindowsRegKey::ReadStringValue(const n
                                             resultLen + 1);
       if (resultLen <= 0) {
         rv = ERROR_UNKNOWN_FEATURE;
         result.Truncate();
       } else {
         rv = ERROR_SUCCESS;
         result = expandedResult;
       }
+    } else if (resultLen == 1) {
+      // It apparently expands to nothing (just a null terminator).
+      result.Truncate();
     }
   }
 
   return (rv == ERROR_SUCCESS) ? NS_OK : NS_ERROR_FAILURE;
 }
 
 NS_IMETHODIMP
 nsWindowsRegKey::ReadIntValue(const nsAString &name, uint32_t *result)
@@ -382,16 +385,21 @@ nsWindowsRegKey::ReadBinaryValue(const n
 
   DWORD size;
   LONG rv = RegQueryValueExW(mKey, PromiseFlatString(name).get(), 0,
                              nullptr, nullptr, &size);
 
   if (rv != ERROR_SUCCESS)
     return NS_ERROR_FAILURE;
 
+  if (!size) {
+    result.Truncate();
+    return NS_OK;
+  }
+
   result.SetLength(size);
   nsACString::iterator begin;
   result.BeginWriting(begin);
   if (begin.size_forward() != size)
     return NS_ERROR_OUT_OF_MEMORY;
 
   rv = RegQueryValueExW(mKey, PromiseFlatString(name).get(), 0, nullptr,
                         (LPBYTE) begin.get(), &size);