Undocumented behaviour in ReqQueryValueEx when 'count' and 'type' point to the same address

Juan Lang juan.lang at gmail.com
Wed Dec 12 11:26:23 CST 2007


Hi Sam,

-    DWORD total_size;
+    DWORD total_size, datalen;
(snip)
+    if (count) datalen = *count;
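Review bot: datalen has no value on the path where count is NULL, because `if (count) datalen = *count;` is its only assignment and the declaration `DWORD total_size, datalen;` carries no initializer. The later read in `len > datalen` is then safe only because of a check elsewhere in the function, which a compiler cannot see and a later change could break. Assigning it unconditionally, for example `datalen = count ? *count : 0;`, removes the warning and keeps the invariant local to these lines.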
(snip)
-                if (len > *count) status = STATUS_BUFFER_OVERFLOW;
+                if (len > datalen) status = STATUS_BUFFER_OVERFLOW;
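Review bot: missing documentation at `if (len > datalen)`: the comparison now uses the value captured from `*count` earlier instead of reading `*count` here, and nothing in the code says why. A short comment at the capture or at this comparison, naming the case from the subject line where count and type point to the same address, would keep a later cleanup from reverting this to `*count`.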

I mentioned when I reviewed the patch that datalen might be
uninitialized.  You're right that it isn't, since it's set when count
is not NULL, and read when data is not NULL.  The function fails
earlier if data is not NULL and count is NULL, so again, you're right:
 it isn't uninitialized when it's read.

Nevertheless, it took a pretty in-depth read to check that, and the
patch introduces an unneeded warning.  You can avoid it simply, so
please do.
--Juan


