tyler.durden
/
notepad-plus-plus
mirror of https://github.com/notepad-plus-plus/notepad-plus-plus.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix security issue CVE-2022-31901 

Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31901
&
https://github.com/CDACesec/CVE-2022-31901

Fix #13520
This commit is contained in:
Don Ho 2023-09-15 03:13:22 +02:00
parent dca3f682fd
commit 113003a79f
1 changed files with 20 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
PowerEditor/src/Notepad_plus.cpp
View File

@ -3430,9 +3430,27 @@ void Notepad_plus::addHotSpot(ScintillaEditView* view)
pView->execute(SCI_SETINDICATORVALUE, indicFore);
UINT cp = static_cast<UINT>(pView->execute(SCI_GETCODEPAGE));
char *encodedText = new char[endPos - startPos + 1];
char* encodedText = nullptr;
try {
encodedText = new char[endPos - startPos + 1];
}
catch (const std::bad_alloc&)
{
return;
}
pView->getText(encodedText, startPos, endPos);
TCHAR *wideText = new TCHAR[endPos - startPos + 1];
TCHAR* wideText = nullptr;
try
{
wideText = new TCHAR[endPos - startPos + 1];
}
catch (const std::bad_alloc&)
{
delete[] encodedText;
return;
}
int wideTextLen = MultiByteToWideChar(cp, 0, encodedText, static_cast<int>(endPos - startPos + 1), (LPWSTR) wideText, static_cast<int>(endPos - startPos + 1)) - 1;
delete[] encodedText;
if (wideTextLen > 0)