Robert Shearman : msi: Fix heap overflow in save_string_table.
Alexandre Julliard
julliard at wine.codeweavers.com
Wed Feb 22 15:30:21 CST 2006
Module: wine
Branch: refs/heads/master
Commit: 66c9cbbe0fd23d52a500d4d276ee8743c87fa336
URL: http://source.winehq.org/git/?p=wine.git;a=commit;h=66c9cbbe0fd23d52a500d4d276ee8743c87fa336
Author: Robert Shearman <rob at codeweavers.com>
Date: Wed Feb 22 16:30:50 2006 +0000
msi: Fix heap overflow in save_string_table.
Fix heap overflow caused by not accounting for the dummy first item,
which contains the codepage.
---
dlls/msi/table.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/dlls/msi/table.c b/dlls/msi/table.c
index a3becc6..7b4128b 100644
--- a/dlls/msi/table.c
+++ b/dlls/msi/table.c
@@ -755,7 +755,7 @@ static UINT save_string_table( MSIDATABA
/* construct the new table in memory first */
datasize = msi_string_totalsize( db->strings, &count );
- poolsize = count*2*sizeof(USHORT);
+ poolsize = (count + 1)*2*sizeof(USHORT);
pool = msi_alloc( poolsize );
if( ! pool )
More information about the wine-cvs
mailing list