Andrew Nguyen : winevdm: Fix incorrect heap allocation sizes and possible out-of-bounds access in find_dosbox helper .
Alexandre Julliard
julliard at winehq.org
Mon Apr 18 11:10:57 CDT 2011
Module: wine
Branch: master
Commit: 3474e3da22c767c2ea3472120f032576733bcdd6
URL: http://source.winehq.org/git/wine.git/?a=commit;h=3474e3da22c767c2ea3472120f032576733bcdd6
Author: Andrew Nguyen <anguyen at codeweavers.com>
Date: Sat Apr 16 03:25:15 2011 -0500
winevdm: Fix incorrect heap allocation sizes and possible out-of-bounds access in find_dosbox helper.
---
programs/winevdm/winevdm.c | 10 +++++++---
1 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/programs/winevdm/winevdm.c b/programs/winevdm/winevdm.c
index ca55d80..0aaf041 100644
--- a/programs/winevdm/winevdm.c
+++ b/programs/winevdm/winevdm.c
@@ -114,11 +114,15 @@ static char *find_dosbox(void)
const char *envpath = getenv( "PATH" );
struct stat st;
char *path, *p, *buffer, *dir;
+ size_t envpath_len;
if (!envpath) return NULL;
- path = HeapAlloc( GetProcessHeap(), 0, strlen(envpath) );
- buffer = HeapAlloc( GetProcessHeap(), 0, strlen(path) + sizeof("/dosbox") );
+
+ envpath_len = strlen( envpath );
+ path = HeapAlloc( GetProcessHeap(), 0, envpath_len + 1 );
+ buffer = HeapAlloc( GetProcessHeap(), 0, envpath_len + sizeof("/dosbox") );
strcpy( path, envpath );
+
p = path;
while (*p)
{
@@ -126,7 +130,7 @@ static char *find_dosbox(void)
if (!*p) break;
dir = p;
while (*p && *p != ':') p++;
- *p++ = 0;
+ if (*p == ':') *p++ = 0;
strcpy( buffer, dir );
strcat( buffer, "/dosbox" );
if (!stat( buffer, &st ))
More information about the wine-cvs
mailing list