Wininet Buffer Length Fixes
Robert Shearman
rob at codeweavers.com
Tue Jul 13 16:32:39 CDT 2004
Alexandre Julliard wrote:
>Robert Shearman <rob at codeweavers.com> writes:
>
>
>
>>--- wine/dlls/wininet/http.c 4 Jul 2004 00:24:47 -0000 1.65
>>+++ wine/dlls/wininet/http.c 13 Jul 2004 16:23:11 -0000
>>@@ -1131,8 +1186,8 @@
>> if( result )
>> {
>> len = WideCharToMultiByte( CP_ACP,0, bufferW, len / sizeof(WCHAR),
>>- lpBuffer, *lpdwBufferLength, NULL, NULL );
>>- *lpdwBufferLength = len * sizeof(WCHAR);
>>+ lpBuffer, *lpdwBufferLength+1, NULL, NULL );
>>+ *lpdwBufferLength = (len-1) * sizeof(CHAR);
>>
>>
>
>It seems to me this would potentially write beyond the end of the
>buffer, that doesn't look right.
>
>
>
From:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wininet/wininet/httpqueryinfo.asp
In the case of a string, the byte count does not include the string's
terminating null character.
Since WideCharToMultiByte returns the number of bytes written including
the null terminator it is required to take one away from it, although
the misleading *sizeof(CHAR) can be removed.
Rob
More information about the wine-devel
mailing list