[7/7] msi: Avoid accessing uninitialized memory.
Hans Leidekker
hans at codeweavers.com
Wed Oct 21 10:44:47 CDT 2009
On Wednesday 21 October 2009 17:22:08 Juan Lang wrote:
> - size = (lstrlenW(value) + 1 + size) * sizeof(WCHAR);
> + size += (lstrlenW(value) + 1) * sizeof(WCHAR);
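Review bot: on the changed "size +=" line, nothing tells the reader that size already holds a byte count at this point, which is why the old expression was wrong: it applied sizeof(WCHAR) to the running total a second time. A short comment at that line, or a sentence in the commit message, stating that size is in bytes here and that the same value is later passed to RegSetValueExW would make the connection to the "uninitialized memory" in the subject clear. It is also worth checking that every other update of size in this function uses bytes consistently.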
>
> I don't see how you're avoiding accessing uninitialized memory here.
> Could you enlighten me?
size is calculated in bytes before this line but multiplied by sizeof(WCHAR)
here, so the allocation that follows is too large. The buffer is not fully
written to but size is passed unchanged to RegSetValueExW, which tests the
end of the buffer for a terminating null.
-Hans