From: VMware, Inc <> Date: Sat, 28 May 2011 19:27:44 +0000 (-0700) Subject: Fix ASSERT in string.cc:80 X-Git-Tag: 2011.05.27-420096~69 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d28444f1dd1dda7d40ff41b364edcb2c6c429c85;p=thirdparty%2Fopen-vm-tools.git Fix ASSERT in string.cc:80 The reason for the bug is that we assume that there should be ending NULL for any text clipboard, but for clipboard data from old guest (win95/98), the text may be not NULL terminated, and caused problem. The fix is to always attach NULL for any clipboard buffer. Signed-off-by: Marcelo Vanzin --- diff --git a/open-vm-tools/services/plugins/dndcp/dnd/dndClipboard.c b/open-vm-tools/services/plugins/dndcp/dnd/dndClipboard.c index 9940362a7..c4523caee 100644 --- a/open-vm-tools/services/plugins/dndcp/dnd/dndClipboard.c +++ b/open-vm-tools/services/plugins/dndcp/dnd/dndClipboard.c @@ -115,11 +115,12 @@ CPClipItemCopy(CPClipItem *dest, // IN: dest clipboard item if (src->buf) { void *tmp = dest->buf; - dest->buf = realloc(dest->buf, src->size); + dest->buf = realloc(dest->buf, src->size + 1); if (!dest->buf) { dest->buf = tmp; return FALSE; } + ((uint8 *)dest->buf)[src->size] = 0; memcpy(dest->buf, src->buf, src->size); } @@ -244,7 +245,7 @@ CPClipboard_SetItem(CPClipboard *clip, // IN/OUT: the clipboard const size_t size) // IN: the item size { CPClipItem *item; - void *newBuf = NULL; + uint8 *newBuf = NULL; /* * Image, rtf and text may be put into a clipboard at same time, and total * size may be more than limit. Image data will be first dropped, then @@ -274,16 +275,18 @@ CPClipboard_SetItem(CPClipboard *clip, // IN/OUT: the clipboard if (CPFORMAT_TEXT == fmt) { char *str = (char *)clipitem; if (!Unicode_IsBufferValid(str, - strlen(str), + size, STRING_ENCODING_UTF8)) { return FALSE; } } - newBuf = malloc(size); + + newBuf = malloc(size + 1); if (!newBuf) { return FALSE; } memcpy(newBuf, clipitem, size); + newBuf[size] = 0; } item->buf = newBuf;