ntdll: Fix RtlIntegerToUnicodeString so it won't overflow

Alexandre Julliard julliard at winehq.org
Thu May 8 04:31:05 CDT 2008


"Maarten Lankhorst" <m.b.lankhorst at gmail.com> writes:

> @@ -1970,7 +1970,7 @@ NTSTATUS WINAPI RtlIntegerToUnicodeString(
>      } while (value != 0L);
>  
>      str->Length = (&buffer[32] - pos) * sizeof(WCHAR);
> -    if (str->Length >= str->MaximumLength) {
> +    if (str->Length + sizeof(WCHAR) >= str->MaximumLength) {
>  	return STATUS_BUFFER_OVERFLOW;
>      } else {
>  	memcpy(str->Buffer, pos, str->Length + sizeof(WCHAR));
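Review bot: the tightened condition rejects a buffer that exactly fits. Length and MaximumLength are both byte counts, so with an even MaximumLength the existing `if (str->Length >= str->MaximumLength)` already guarantees Length + sizeof(WCHAR) <= MaximumLength, and the following `memcpy(str->Buffer, pos, str->Length + sizeof(WCHAR))` stays inside the buffer; the proposed `str->Length + sizeof(WCHAR) >= str->MaximumLength` additionally returns STATUS_BUFFER_OVERFLOW when MaximumLength == Length + sizeof(WCHAR), which is precisely the case where digits plus terminator fit. If the intent is to cover an odd MaximumLength (where the old check leaves only one spare byte for a two-byte terminator), compare with `>` rather than `>=`, and the commit message should state the input and buffer size that overflow, since the subject asserts one and the hunk alone does not show it.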

There's no overflow here. The Windows implementation of
RtlIntegerToUnicodeString seems badly confused but I don't think
we need to replicate those bugs.

-- 
Alexandre Julliard
julliard at winehq.org
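
As an added example, not Wine's code and not part of this thread: a reduced C model of the conversion with the unpatched bounds check, used to show which MaximumLength values it accepts and that the copy of Length + sizeof(WCHAR) bytes fits whenever MaximumLength is even; the types, the 33-WCHAR scratch buffer and the status values are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef uint16_t WCHAR;
typedef struct {
    uint16_t Length;         /* bytes in use, terminator not counted */
    uint16_t MaximumLength;  /* bytes available in Buffer */
    WCHAR   *Buffer;
} UNICODE_STRING;

enum { STATUS_SUCCESS = 0, STATUS_BUFFER_OVERFLOW = 1 };  /* placeholder values */
enum { FITS = 0, REJECTED = 1, OVERRUN = -1 };

/* Model of the unpatched function: digits are built backwards in a scratch
 * buffer, then digits plus the NUL terminator are copied into str->Buffer. */
int model_IntegerToUnicodeString(uint32_t value, unsigned base, UNICODE_STRING *str)
{
    WCHAR buffer[33];
    WCHAR *pos = &buffer[32];
    if (base != 2 && base != 8 && base != 16) base = 10;
    *pos = 0;
    do {
        unsigned digit = value % base;
        value /= base;
        *--pos = (WCHAR)(digit < 10 ? '0' + digit : 'A' + digit - 10);
    } while (value != 0);

    str->Length = (uint16_t)((&buffer[32] - pos) * sizeof(WCHAR));
    /* Unpatched check: Length < MaximumLength, both in bytes. With an even
     * MaximumLength this leaves at least sizeof(WCHAR) spare bytes, so the
     * Length + sizeof(WCHAR) byte copy below stays inside the buffer. */
    if (str->Length >= str->MaximumLength)
        return STATUS_BUFFER_OVERFLOW;
    memcpy(str->Buffer, pos, str->Length + sizeof(WCHAR));
    return STATUS_SUCCESS;
}

/* Classify what the unpatched check does for a given MaximumLength: the
 * destination here is oversized so an OVERRUN is detected by arithmetic
 * rather than by corrupting memory. */
int check_outcome(uint32_t value, unsigned base, uint16_t max_len)
{
    WCHAR dest[33];
    UNICODE_STRING s = { 0, max_len, dest };
    if (model_IntegerToUnicodeString(value, base, &s) != STATUS_SUCCESS)
        return REJECTED;
    return (size_t)s.Length + sizeof(WCHAR) <= max_len ? FITS : OVERRUN;
}
```

Only an odd MaximumLength reaches OVERRUN with the unpatched check, and that case is a one-byte shortfall for the terminator, not the wider problem the patch subject suggests.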
