Bug 1000079 - Don't let Windows overwrite length 0 strings. r=bsmedberg
authorJames Kitchener <jkitch.bug@gmail.com>
Thu, 24 Apr 2014 01:03:00 +0200
changeset 180470 05519890c1cc85202cdd998e42aba8abee5b58cb
parent 180469 60c2852b75eebd93838d787eff5cc44c7cecde1a
child 180471 2b2f0809d1c0cdeb230562426750fcb207285b30
push id272
push userpvanderbeken@mozilla.com
push dateMon, 05 May 2014 16:31:18 +0000
reviewersbsmedberg
bugs1000079
milestone31.0a1
Bug 1000079 - Don't let Windows overwrite length 0 strings. r=bsmedberg
toolkit/xre/nsXREDirProvider.cpp
--- a/toolkit/xre/nsXREDirProvider.cpp
+++ b/toolkit/xre/nsXREDirProvider.cpp
@@ -926,18 +926,18 @@ GetRegWindowsAppDataFolder(bool aLocal, 
   // The call to RegQueryValueExW must succeed, the type must be REG_SZ, the
   // buffer size must not equal 0, and the buffer size be a multiple of 2.
   if (res != ERROR_SUCCESS || type != REG_SZ || size == 0 || size % 2 != 0) {
     ::RegCloseKey(key);
     _retval.SetLength(0);
     return NS_ERROR_NOT_AVAILABLE;
   }
 
-  // |size| includes room for the terminating null character
-  DWORD resultLen = size / 2 - 1;
+  // |size| may or may not include room for the terminating null character
+  DWORD resultLen = size / 2;
 
   _retval.SetLength(resultLen);
   nsAString::iterator begin;
   _retval.BeginWriting(begin);
   if (begin.size_forward() != resultLen) {
     ::RegCloseKey(key);
     _retval.SetLength(0);
     return NS_ERROR_NOT_AVAILABLE;
@@ -946,16 +946,21 @@ GetRegWindowsAppDataFolder(bool aLocal, 
   res = RegQueryValueExW(key, (aLocal ? L"Local AppData" : L"AppData"),
                          nullptr, nullptr, (LPBYTE) begin.get(), &size);
   ::RegCloseKey(key);
   if (res != ERROR_SUCCESS) {
     _retval.SetLength(0);
     return NS_ERROR_NOT_AVAILABLE;
   }
 
+  if (!_retval.CharAt(resultLen - 1)) {
+    // It was already null terminated.
+    _retval.Truncate(resultLen - 1);
+  }
+
   return NS_OK;
 }
 
 static bool
 GetCachedHash(HKEY rootKey, const nsAString &regPath, const nsAString &path,
               nsAString &cachedHash)
 {
   HKEY baseKey;