system/wine
system/wine
1
0
Fork 0
mirror of git://source.winehq.org/git/wine.git synced 2024-10-14 23:47:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

oleaut32: Protect against integer overflow in SysAllocStringLen.

Browse source
This commit is contained in:
Marcus Meissner 2006-11-24 08:45:57 +01:00 committed by Alexandre Julliard
parent 1a145bb532
commit caa301a736
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
dlls/oleaut32/oleaut.c
View file

@ -20,6 +20,7 @@
#include <stdarg.h>
#include <string.h>
#include <limits.h>
#define COBJMACROS
@ -217,6 +218,9 @@ BSTR WINAPI SysAllocStringLen(const OLECHAR *str, unsigned int len)
DWORD* newBuffer;
WCHAR* stringBuffer;
/* Detect integer overflow. */
if (len >= ((UINT_MAX-sizeof(WCHAR)-sizeof(DWORD))/sizeof(WCHAR)))
return NULL;
/*
* Find the length of the buffer passed-in, in bytes.
*/
@ -234,8 +238,8 @@ BSTR WINAPI SysAllocStringLen(const OLECHAR *str, unsigned int len)
/*
* If the memory allocation failed, return a null pointer.
*/
if (newBuffer==0)
return 0;
if (!newBuffer)
return NULL;
/*
* Copy the length of the string in the placeholder.