From 2e6bfeb9035233b2889af03f7846d2c77125efb7 Mon Sep 17 00:00:00 2001
From: Vadim Zeitlin
Date: Mon, 8 Jul 2013 21:44:06 +0000
Subject: [PATCH] Check for buffer being big enough in wxPathOnly().

Just return NULL or empty string if the input path is too long. This is probably not ideal but it fixes a buffer overflow and all this code needs to be rewritten to use wxFileName() anyhow so it's not worth doing anything more at this moment. Closes #15302.

git-svn-id: https://svn.wxwidgets.org/svn/wx/wxWidgets/trunk@74455 c3d73ce0-8a6f-49c7-b76d-6d57e0e08775
---
 src/common/filefn.cpp | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/src/common/filefn.cpp b/src/common/filefn.cpp
index cb035c4407..061ea5f7c3 100644
--- a/src/common/filefn.cpp
+++ b/src/common/filefn.cpp
@@ -743,11 +743,13 @@ wxPathOnly (wxChar *path)
 {
 static wxChar buf[_MAXPATHLEN];
 
- // Local copy
- wxStrcpy (buf, path);
-
 int l = wxStrlen(path);
 int i = l - 1;
+ if ( i >= _MAXPATHLEN )
+ return NULL;
+
+ // Local copy
+ wxStrcpy (buf, path);
 
 // Search backward for a backward or forward slash
 while (i > -1)
@@ -789,12 +791,15 @@ wxString wxPathOnly (const wxString& path)
 {
 wxChar buf[_MAXPATHLEN];
 
- // Local copy
- wxStrcpy(buf, path);
-
 int l = path.length();
 int i = l - 1;
 
+ if ( i >= _MAXPATHLEN )
+ return wxString();
+
+ // Local copy
+ wxStrcpy(buf, path);
+
 // Search backward for a backward or forward slash
 while (i > -1)
 {
-- 
2.45.2
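Review bot: The new guard `if ( i >= _MAXPATHLEN )` in the first hunk is off by one, because `i` is `l - 1`: a path of exactly `_MAXPATHLEN` characters passes the check, and `wxStrcpy` then writes `_MAXPATHLEN + 1` elements (the characters plus the terminating NUL) into `buf[_MAXPATHLEN]`. Testing the length itself, `if ( l >= _MAXPATHLEN )`, rejects that case and leaves room for the terminator. The `wxString` overload in the second hunk has the same guard and needs the same change. Both function bodies start and end outside the hunks, so any later use of `buf` or `l` is not visible here.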