ntdll: Protect RtlAllocateHeap and RtlReAllocateHeap against
integer overflows with large values of size.
Robert Shearman
rob at codeweavers.com
Fri May 18 07:12:30 CDT 2007
Chris Robinson wrote:
> On Friday 18 May 2007 04:01:19 am Robert Shearman wrote:
>
>> + ULONGLONG llret = (ULONGLONG)a + b;
>> + if ((sizeof(SIZE_T) < sizeof(ULONGLONG)) && (llret > 0xffffffff))
>> + return FALSE;
>>
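Review bot: On the `if` line, the overflow test only runs when sizeof(SIZE_T) < sizeof(ULONGLONG), so on a build where SIZE_T is as wide as ULONGLONG the sum stored in llret can itself wrap and nothing in these lines returns FALSE. The bound is also hard-coded as 0xffffffff, which assumes a 32-bit SIZE_T. Suggest a width-independent test made before the addition, for example comparing b against ~(SIZE_T)0 - a, plus a short comment saying what a FALSE return means to the caller.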
>
> Wouldn't this be more correct (as well as function when sizeof(SIZE_T) >=
> sizeof(ULONGLONG)):
>
> SIZE_T res = a + b;
> return (res >= a);
>
An example that would break using your logic:
2 + (-1)
--
Rob Shearman
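
The two styles of check discussed in this thread, side by side, as an added example that is not Wine's code or either poster's. The helper names are hypothetical, both operands are assumed to be unsigned sizes, and the test cases are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>

/* Hypothetical helpers; both operands are assumed to be unsigned sizes. */

/* Widening style: only meaningful when the wide type is strictly larger
 * than size_t, so a same-width build needs a separate test. */
static bool add_size_widen(size_t a, size_t b, size_t *out)
{
    if (sizeof(size_t) < sizeof(unsigned long long)) {
        unsigned long long wide = (unsigned long long)a + b;
        if (wide > SIZE_MAX) return false;
        *out = (size_t)wide;
        return true;
    }
    /* Same width: the wide sum would wrap too, so test before adding. */
    if (b > SIZE_MAX - a) return false;
    *out = a + b;
    return true;
}

/* Wrap-around style: unsigned addition is modulo 2^N, so a wrapped sum
 * is always smaller than either operand. */
static bool add_size_wrap(size_t a, size_t b, size_t *out)
{
    size_t res = a + b;
    if (res < a) return false;
    *out = res;
    return true;
}

/* Returns 1 when both helpers match the expected result on every case. */
static int checks_agree(void)
{
    static const struct { size_t a, b; bool ok; } cases[] = {
        { 16, 32, true },         { 0, SIZE_MAX, true },
        { 2, (size_t)-1, false }, { SIZE_MAX, 1, false },
        { SIZE_MAX / 2 + 1, SIZE_MAX / 2 + 1, false },
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        size_t r1 = 0, r2 = 0;
        bool ok1 = add_size_widen(cases[i].a, cases[i].b, &r1);
        bool ok2 = add_size_wrap(cases[i].a, cases[i].b, &r2);
        if (ok1 != cases[i].ok || ok2 != cases[i].ok) return 0;
        if (ok1 && r1 != r2) return 0;
    }
    return 1;
}

int main(void) { return checks_agree() ? 0 : 1; }
```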