![]() GetWindowTextW() is called with nMaxCount= 3 and therefore writes "AB\0" to the buffer and returns 2.Meanwhile, the control text changes to "ABC" (3 chars).GetWindowTextLengthW(hWnd) returns 1, so textLengthWithNullTerminator is 2.The control text is initially "A" (1 chars).However, the condition actually doesn't work, and a truncated text is returned in that case if the text length has increased by 2 or more chars. The implementation wants to handle the case when the text length increases between calling GetWindowTextLengthW and calling GetWindowTextW.The issue can be fixed by changing (textLengthWithNullTerminator) to (textLengthWithNullTerminator 1). As the text has changed to 16 characters, GetWindowTextW() writes 17 characters ( "AAAABBBBCCCCDDDx\0") to the buffer and returns the value 16, thus having written one char (2 bytes) too many.This parameter specifies the maximum buffer size/characers to write, including the terminating null character. GetWindowTextW() is called with nMaxCount= 17.Meanwhile, the control text changes to "AAAABBBBCCCCDDDx" (16 chars).(textLengthWithNullTerminator) returns an array with length 16.GetWindowTextLengthW(hWnd) returns 15, so textLengthWithNullTerminator is 16.The control text is initially "AAAABBBBCCCCDDD" (15 chars).This can lead to too many bytes being written (out-of-bounds write) if the text changes after calling GetWindowTextLengthW.įor example, consider the following scenario: When calling GetWindowTextW, the nMaxCount parameter is specified as textLengthWithNullTerminator 1, but the call to specifies textLengthWithNullTerminator.ĪrrayPool.Rent returns a buffer that has at least the specified size, so it might return a buffer that has exact the specified size, in which case it will be 1 char too small to hold the maximum number of chars.WindowTitle = new string( pWindowTitle, 0, actualTextLength) If ( actualTextLength > textLengthWithNullTerminator)ĪrrayPool. Keep looping until we get a buffer that can fit. The window text may have changed between calls. Int actualTextLength = GetWindowTextW( hWnd, pWindowTitle, textLengthWithNullTerminator 1) Rent( textLengthWithNullTerminator) įixed ( char * pWindowTitle = windowTitleBuffer) Int textLengthWithNullTerminator = GetWindowTextLengthW( hWnd) 1 Ĭhar windowTitleBuffer = ArrayPool. ![]() GetWindowTextLengthW returns the length of the text not Public static unsafe string GetWindowText( IntPtr hWnd)
0 Comments
Leave a Reply. |