ntdll: Fix RtlIntegerToUnicodeString so it won't overflow
Alexandre Julliard
julliard at winehq.org
Thu May 8 04:31:05 CDT 2008
"Maarten Lankhorst" <m.b.lankhorst at gmail.com> writes:
> @@ -1970,7 +1970,7 @@ NTSTATUS WINAPI RtlIntegerToUnicodeString(
> } while (value != 0L);
>
> str->Length = (&buffer[32] - pos) * sizeof(WCHAR);
> - if (str->Length >= str->MaximumLength) {
> + if (str->Length + sizeof(WCHAR) >= str->MaximumLength) {
> return STATUS_BUFFER_OVERFLOW;
> } else {
> memcpy(str->Buffer, pos, str->Length + sizeof(WCHAR));
There's no overflow here. The Windows implementation of
RtlIntegerToUnicodeString seems badly confused but I don't think
we need to replicate those bugs.
--
Alexandre Julliard
julliard at winehq.org
More information about the wine-devel
mailing list