From f0d3e9a5c8466bb0971be14ade7730ce0eaec45d Mon Sep 17 00:00:00 2001
From: Alexandre Almeida
Date: Sat, 30 May 2026 03:49:34 -0300
Subject: [PATCH] Security fixes (rcore_desktop_win32.c) (#5899)
* Security fixes in rcore_desktop_win32.c
* Avoid calling strlen() twice
---
 src/platforms/rcore_desktop_win32.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/platforms/rcore_desktop_win32.c b/src/platforms/rcore_desktop_win32.c
index a797234ba..33ce1f661 100644
--- a/src/platforms/rcore_desktop_win32.c
+++ b/src/platforms/rcore_desktop_win32.c
@@ -1257,8 +1257,9 @@ void OpenURL(const char *url)
 if (strchr(url, '\'') != NULL) TRACELOG(LOG_WARNING, "SYSTEM: Provided URL could be potentially malicious, avoid [\'] character");
 else
 {
- char *cmd = (char *)RL_CALLOC(strlen(url) + 32, sizeof(char));
- sprintf(cmd, "explorer \"%s\"", url);
+ int len = strlen(url) + 32;
+ char *cmd = (char *)RL_CALLOC(len, sizeof(char));
+ snprintf(cmd, len, "explorer \"%s\"", url);
 int result = system(cmd);
 if (result == -1) TRACELOG(LOG_WARNING, "OpenURL() child process could not be created");
 RL_FREE(cmd);
@@ -2052,8 +2053,11 @@ static void HandleMouseButton(int button, char state)
 static void HandleRawInput(LPARAM lparam)
 {
 RAWINPUT input = { 0 };
+ UINT inputSize = 0;
+
+ if (GetRawInputData((HRAWINPUT)lparam, RID_INPUT, NULL, &inputSize, sizeof(RAWINPUTHEADER)) != 0) return;
+ if (inputSize > sizeof(input)) return;
- UINT inputSize = sizeof(input);
 UINT size = GetRawInputData((HRAWINPUT)lparam, RID_INPUT, &input, &inputSize, sizeof(RAWINPUTHEADER));
 if (size == (UINT)-1) TRACELOG(LOG_ERROR, "WIN32: Failed to get raw input data [ERROR: %lu]", GetLastError());
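Review bot: The snprintf() bound added here does not close the hole this hunk is titled for: the command is still built as `explorer "%s"` and handed to system(), while the guard on the hunk's first line rejects only `'`, so a `"` inside url ends the quoted argument and the remainder of the string is parsed by the command interpreter. The minimal fix is to reject the character that actually matters for this quoting, `if ((strchr(url, '\'') != NULL) || (strchr(url, '"') != NULL)) TRACELOG(...)`; the robust one is to avoid the shell altogether with ShellExecuteA(NULL, "open", url, NULL, NULL, SW_SHOWNORMAL), if this backend can take the shell32 dependency (its includes are outside the hunk). Two smaller defects in the new lines: `cmd` is used without checking RL_CALLOC for NULL, and `len` narrows the size_t from strlen() to int; `size_t len = strlen(url) + 32;` followed by `if (cmd == NULL) return;` covers both. OpenURL's signature and the start of its body lie outside the hunk.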
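Review bot: The two new guards return on failure, but the pre-existing check on the hunk's last line still only logs when the second GetRawInputData() call returns (UINT)-1 and then falls through with `input` left zero-initialised; as RIM_TYPEMOUSE is 0, the code following the hunk would presumably process the failed read as a mouse event. Make that path consistent with the new ones: `if (size == (UINT)-1) { TRACELOG(LOG_ERROR, "WIN32: Failed to get raw input data [ERROR: %lu]", GetLastError()); return; }`. The `inputSize > sizeof(input)` return is right for mouse and keyboard packets but silently discards larger HID reports; a `TRACELOG(LOG_DEBUG, "WIN32: Raw input packet too large, ignored (%u bytes)", inputSize)` there would make such drops diagnosable. A comment above the first call, `// Query the required size first so a report larger than RAWINPUT cannot overflow the stack buffer`, would record why the data is fetched in two steps. HandleRawInput's body continues past the hunk.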