gdi32 : Correction of bug 20850 Write buffer overflow in WidenPath()
Dan Kegel
dank at kegel.com
Sat Nov 28 19:32:28 CST 2009
On Sat, Nov 28, 2009 at 5:04 PM, Laurent Vromman <laurent at vromman.org> wrote:
> - pStrokes = HeapAlloc(GetProcessHeap(), 0, numStrokes *
> sizeof(GdiPath*));
> - pStrokes[0] = HeapAlloc(GetProcessHeap(), 0, sizeof(GdiPath));
> - PATH_InitGdiPath(pStrokes[0]);
> - pStrokes[0]->pFlags = HeapAlloc(GetProcessHeap(), 0,
> pPath->numEntriesUsed * sizeof(INT));
> - pStrokes[0]->pPoints = HeapAlloc(GetProcessHeap(), 0,
> pPath->numEntriesUsed * sizeof(POINT));
> - pStrokes[0]->numEntriesUsed = 0;
> + pStrokes = NULL;
...
Wait, wouldn't it be simpler to keep the initial alloc, as in the attachment?
- Dan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: path.diff
Type: text/x-patch
Size: 711 bytes
Desc: not available
URL: <http://www.winehq.org/pipermail/wine-devel/attachments/20091128/6e2f1f1c/attachment.bin>
More information about the wine-devel
mailing list