gdi32/font: Prevent possible buffer overrun

Nikolay Sivov bunglehead at gmail.com
Tue Oct 20 05:11:53 CDT 2009


Dmitry Timoshkov wrote:
> "Nikolay Sivov" <bunglehead at gmail.com> wrote:
>
>> Reported as http://bugs.winehq.org/show_bug.cgi?id=19819
>>
>> Changelog:
>>     - prevent possible buffer overrun
>
>> - while (!(*lpSrc>>index & 0x0001) && index<MAXTCIINDEX) index++;
>> +      while (index < MAXTCIINDEX && !(*lpSrc>>index & 0x0001)) index++;
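Review bot: the changelog line "prevent possible buffer overrun" is not backed by the reordered while condition, which reads only *lpSrc and index and indexes no buffer. Both operands are free of side effects, so the loop leaves index at the same final value in either order. Please name in the changelog the access that overruns and put the guard at the place where index is used as a subscript. A smaller point on the added line: '*lpSrc>>index & 0x0001' groups as '(*lpSrc>>index) & 0x0001' only by operator precedence, and explicit parentheses would make that plain.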
>
> 'index >= MAXTCIINDEX' won't trigger in that case:
>
> if (index >= MAXTCIINDEX || FONT_tci[index].ciCharset == DEFAULT_CHARSET) return FALSE;
You're right, it breaks this path.
> It would be simpler IMO to add one more item to FONT_tci[] instead.
Ok.
