Use secure CRT functions for string copying.

fancycode · fancycode · commit 2ecf5b764b7e · 2016-09-21T00:19:52.000+02:00
diff --git a/MemoryModule.c b/MemoryModule.c
@@ -851,19 +851,20 @@ static PIMAGE_RESOURCE_DIRECTORY_ENTRY _MemorySearchResourceEntry(
         // using a pre-allocated array.
         wchar_t _searchKeySpace[MAX_LOCAL_KEY_LENGTH+1];
         LPWSTR _searchKey;
+        size_t _searchKeySize;
         if (searchKeyLen > MAX_LOCAL_KEY_LENGTH) {
-            size_t _searchKeySize = (searchKeyLen + 1) * sizeof(wchar_t);
+            _searchKeySize = (searchKeyLen + 1) * sizeof(wchar_t);
             _searchKey = (LPWSTR) malloc(_searchKeySize);
             if (_searchKey == NULL) {
                 SetLastError(ERROR_OUTOFMEMORY);
                 return NULL;
             }
         } else {
             _searchKey = &_searchKeySpace[0];
+            _searchKeySize = sizeof(_searchKeySpace);
         }
 
-        mbstowcs(_searchKey, key, searchKeyLen);
-        _searchKey[searchKeyLen] = 0;
+        mbstowcs_s(NULL, _searchKey, _searchKeySize, key, searchKeyLen);
         searchKey = _searchKey;
 #endif
         start = 0;
@@ -990,7 +991,7 @@ MemoryLoadStringEx(HMEMORYMODULE module, UINT id, LPTSTR buffer, int maxsize, WO
 {
     HMEMORYRSRC resource;
     PIMAGE_RESOURCE_DIR_STRING_U data;
-    DWORD size;
+    int size;
     if (maxsize == 0) {
         return 0;
     }
@@ -1013,15 +1014,13 @@ MemoryLoadStringEx(HMEMORYMODULE module, UINT id, LPTSTR buffer, int maxsize, WO
     }
 
     size = data->Length;
-    if (size >= (DWORD) maxsize) {
-        size = maxsize;
-    } else {
-        buffer[size] = 0;
+    if (size >= maxsize) {
+        size = maxsize - 1;
     }
 #if defined(UNICODE)
-    wcsncpy(buffer, data->NameString, size);
+    wcsncpy_s(buffer, maxsize, data->NameString, size);
 #else
-    wcstombs(buffer, data->NameString, size);
+    wcstombs_s(NULL, buffer, maxsize, data->NameString, size);
 #endif
     return size;
 }
