From 6b9a7a5f8fe2033c3008c3b045484e545a79794e Mon Sep 17 00:00:00 2001
From: Neil <nyamatongwe@gmail.com>
Date: Fri, 14 Feb 2014 11:24:06 +1100
Subject: Fix potential failure if FormatEnumerator_Next called with celt>1.
 Use std::vector for formats to avoid empty elements.

---
 win32/ScintillaWin.cxx | 24 ++++++++++--------------
 1 file changed, 10 insertions(+), 14 deletions(-)

(limited to 'win32')

diff --git a/win32/ScintillaWin.cxx b/win32/ScintillaWin.cxx
index c8cf7c63e..b9eefec37 100644
--- a/win32/ScintillaWin.cxx
+++ b/win32/ScintillaWin.cxx
@@ -131,10 +131,9 @@ class FormatEnumerator {
 public:
 	VFunction **vtbl;
 	int ref;
-	int pos;
-	CLIPFORMAT formats[2];
-	int formatsLen;
-	FormatEnumerator(int pos_, CLIPFORMAT formats_[], int formatsLen_);
+	unsigned int pos;
+	std::vector<CLIPFORMAT> formats;
+	FormatEnumerator(int pos_, CLIPFORMAT formats_[], size_t formatsLen_);
 };
 
 /**
@@ -1811,16 +1810,15 @@ STDMETHODIMP_(ULONG)FormatEnumerator_Release(FormatEnumerator *fe) {
 }
 /// Implement IEnumFORMATETC
 STDMETHODIMP FormatEnumerator_Next(FormatEnumerator *fe, ULONG celt, FORMATETC *rgelt, ULONG *pceltFetched) {
-	//Platform::DebugPrintf("EFE Next %d %d", fe->pos, celt);
 	if (rgelt == NULL) return E_POINTER;
-	// We only support one format, so this is simple.
 	unsigned int putPos = 0;
-	while ((fe->pos < fe->formatsLen) && (putPos < celt)) {
+	while ((fe->pos < fe->formats.size()) && (putPos < celt)) {
 		rgelt->cfFormat = fe->formats[fe->pos];
 		rgelt->ptd = 0;
 		rgelt->dwAspect = DVASPECT_CONTENT;
 		rgelt->lindex = -1;
 		rgelt->tymed = TYMED_HGLOBAL;
+		rgelt++;
 		fe->pos++;
 		putPos++;
 	}
@@ -1839,7 +1837,7 @@ STDMETHODIMP FormatEnumerator_Reset(FormatEnumerator *fe) {
 STDMETHODIMP FormatEnumerator_Clone(FormatEnumerator *fe, IEnumFORMATETC **ppenum) {
 	FormatEnumerator *pfe;
 	try {
-		pfe = new FormatEnumerator(fe->pos, fe->formats, fe->formatsLen);
+		pfe = new FormatEnumerator(fe->pos, &fe->formats[0], fe->formats.size());
 	} catch (...) {
 		return E_OUTOFMEMORY;
 	}
@@ -1857,13 +1855,11 @@ static VFunction *vtFormatEnumerator[] = {
 	(VFunction *)(FormatEnumerator_Clone)
 };
 
-FormatEnumerator::FormatEnumerator(int pos_, CLIPFORMAT formats_[], int formatsLen_) {
+FormatEnumerator::FormatEnumerator(int pos_, CLIPFORMAT formats_[], size_t formatsLen_) {
 	vtbl = vtFormatEnumerator;
 	ref = 0;   // First QI adds first reference...
 	pos = pos_;
-	formatsLen = formatsLen_;
-	for (int i=0; i<formatsLen; i++)
-		formats[i] = formats_[i];
+	formats.insert(formats.begin(), formats_, formats_+formatsLen_);
 }
 
 /// Implement IUnknown
@@ -1978,10 +1974,10 @@ STDMETHODIMP DataObject_EnumFormatEtc(DataObject *pd, DWORD dwDirection, IEnumFO
 		FormatEnumerator *pfe;
 		if (pd->sci->IsUnicodeMode()) {
 			CLIPFORMAT formats[] = {CF_UNICODETEXT, CF_TEXT};
-			pfe = new FormatEnumerator(0, formats, 2);
+			pfe = new FormatEnumerator(0, formats, ELEMENTS(formats));
 		} else {
 			CLIPFORMAT formats[] = {CF_TEXT};
-			pfe = new FormatEnumerator(0, formats, 1);
+			pfe = new FormatEnumerator(0, formats, ELEMENTS(formats));
 		}
 		return FormatEnumerator_QueryInterface(pfe, IID_IEnumFORMATETC,
 											   reinterpret_cast<void **>(ppEnum));
-- 
cgit v1.2.3