xiaoyu/raylib
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Security fixes (rcore_desktop_win32.c) (#5899)

Browse Source 
* Security fixes in rcore_desktop_win32.c

* Avoid calling strlen() twice
This commit is contained in:
Alexandre Almeida
2026-05-30 03:49:34 -03:00
committed by GitHub
parent 7c284cc5bc
commit f0d3e9a5c8
1 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/platforms/rcore_desktop_win32.c
+7 -3
View File
@@ -1257,8 +1257,9 @@ void OpenURL(const char *url)
if (strchr(url, '\'') != NULL) TRACELOG(LOG_WARNING, "SYSTEM: Provided URL could be potentially malicious, avoid [\'] character"); if (strchr(url, '\'') != NULL) TRACELOG(LOG_WARNING, "SYSTEM: Provided URL could be potentially malicious, avoid [\'] character");
else else
{ {
char *cmd = (char *)RL_CALLOC(strlen(url) + 32, sizeof(char)); int len = strlen(url) + 32;
sprintf(cmd, "explorer \"%s\"", url); char *cmd = (char *)RL_CALLOC(len, sizeof(char));
snprintf(cmd, len, "explorer \"%s\"", url);
int result = system(cmd); int result = system(cmd);
if (result == -1) TRACELOG(LOG_WARNING, "OpenURL() child process could not be created"); if (result == -1) TRACELOG(LOG_WARNING, "OpenURL() child process could not be created");
RL_FREE(cmd); RL_FREE(cmd);
@@ -2052,8 +2053,11 @@ static void HandleMouseButton(int button, char state)
static void HandleRawInput(LPARAM lparam) static void HandleRawInput(LPARAM lparam)
{ {
RAWINPUT input = { 0 }; RAWINPUT input = { 0 };
UINT inputSize = 0;
if (GetRawInputData((HRAWINPUT)lparam, RID_INPUT, NULL, &inputSize, sizeof(RAWINPUTHEADER)) != 0) return;
if (inputSize > sizeof(input)) return;
UINT inputSize = sizeof(input);
UINT size = GetRawInputData((HRAWINPUT)lparam, RID_INPUT, &input, &inputSize, sizeof(RAWINPUTHEADER)); UINT size = GetRawInputData((HRAWINPUT)lparam, RID_INPUT, &input, &inputSize, sizeof(RAWINPUTHEADER));
if (size == (UINT)-1) TRACELOG(LOG_ERROR, "WIN32: Failed to get raw input data [ERROR: %lu]", GetLastError()); if (size == (UINT)-1) TRACELOG(LOG_ERROR, "WIN32: Failed to get raw input data [ERROR: %lu]", GetLastError());