gdi32/font: Prevent possible buffer overrun

Dmitry Timoshkov dmitry at codeweavers.com
Mon Oct 19 23:09:00 CDT 2009


"Nikolay Sivov" <bunglehead at gmail.com> wrote:

> Reported as http://bugs.winehq.org/show_bug.cgi?id=19819
> 
> Changelog:
>     - prevent possible buffer overrun

> - while (!(*lpSrc>>index & 0x0001) && index<MAXTCIINDEX) index++;
> +      while (index < MAXTCIINDEX && !(*lpSrc>>index & 0x0001)) index++;
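
Review bot: the changelog's "buffer overrun" is not explained by the + line, because the reordered condition only changes which operand is evaluated first, and the loop (body `index++`) does not index any array with `index` in either version. Name in the commit message the access that actually goes out of bounds and show that the new ordering covers it. As a style point, parenthesizing the test as `(*lpSrc >> index) & 0x0001` would make the intended precedence explicit.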

'index >= MAXTCIINDEX' won't trigger in that case:

if (index >= MAXTCIINDEX || FONT_tci[index].ciCharset == DEFAULT_CHARSET) return FALSE;

It would be simpler IMO to add one more item to FONT_tci[] instead.

-- 
Dmitry.


