Fix a heap corruption when printing specific REG_MULTI_SZ values.

Sebastian Lackner sebastian at fds-team.de
Sat Apr 23 07:24:25 CDT 2016


On 23.04.2016 11:56, Hugh McMaster wrote:
> On Saturday, 23 April 2016 3:35 AM, Sebastian Lackner wrote:
> 
>> The current calculation does not take the terminating \0 into account.
> 
>> -buffer = HeapAlloc(GetProcessHeap(), 0, tmp_size * 2);
>> +buffer = HeapAlloc(GetProcessHeap(), 0, tmp_size * 2 + sizeof(WCHAR));
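Review bot: the commit message should name the trigger, not only the missing terminator; the explanation further down in the thread identifies it as a value consisting solely of NUL characters (such as L"\0\0\0\0"), and that belongs in the subject or body so the "specific" in the title is concrete. In the hunk itself, `tmp_size * 2` is a bare factor beside the new `sizeof(WCHAR)` term, and the units of `tmp_size` are not visible here; a one-line comment stating what the `* 2` covers would let a reader check that `tmp_size * 2 + sizeof(WCHAR)` is the worst-case output size rather than an off-by-one patched by guesswork.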
> 
> Which particular cases cause the heap corruption?
> 
> --
> Hugh McMaster
> 

It happens for example with a string like L"\0\0\0\0". After stripping off
the last two "\0", the allocated memory will have a size of 4 characters,
but the code below writes 5 characters. You can also test with warn+heap
after creating such a registry key.
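To make the size arithmetic in this explanation checkable outside Wine, here is an added, stand-alone C model of it; it is not Wine's reg code, only my reading of it. It assumes that `tmp_size` is a byte count left after the two terminating NULs are stripped, that the printing loop writes each embedded NUL as the two characters `\` and `0` (which is what makes the worst case `tmp_size * 2`), and that a terminating NUL is appended; `WCHAR` is a 16-bit stand-in so it builds on any platform. The four-NUL value from the message reproduces the 4-characters-allocated, 5-characters-written mismatch, and the general function shows that the pre-patch allocation only falls short when the stripped payload contains nothing but NULs, which is why ordinary multi-string values never trip the bug.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Portable stand-in for the Win32 WCHAR so this compiles outside Wine (assumption). */
typedef uint16_t WCHAR;

/* Constructed samples, in WCHARs. The first is the L"\0\0\0\0" value from the
   message stored as 8 bytes; the second is an ordinary "a", "b" multi-string. */
static const WCHAR SAMPLE_FOUR_NULS[4] = { 0, 0, 0, 0 };
static const WCHAR SAMPLE_NORMAL[5]    = { 'a', 0, 'b', 0, 0 };

/* Bytes left after stripping the two terminating NULs of a REG_MULTI_SZ value
   (end of the last string, end of the list). Assumed to mirror tmp_size. */
static size_t strip_multi_sz_terminators(const WCHAR *src, size_t size_bytes)
{
    size_t n = size_bytes / sizeof(WCHAR);
    if (n >= 2 && src[n - 1] == 0 && src[n - 2] == 0)
        n -= 2;
    return n * sizeof(WCHAR);
}

/* Bytes the printing loop really writes: a NUL expands to '\' '0' (assumed
   escaping), anything else copies 1:1, then one terminating NUL is appended. */
static size_t bytes_written(const WCHAR *src, size_t tmp_size)
{
    size_t n = tmp_size / sizeof(WCHAR), out = 0, i;
    for (i = 0; i < n; i++)
        out += src[i] ? 1 : 2;
    return (out + 1) * sizeof(WCHAR);
}

/* The two allocation sizes from the hunk: before and after the patch. */
static size_t alloc_before(size_t tmp_size) { return tmp_size * 2; }
static size_t alloc_after(size_t tmp_size)  { return tmp_size * 2 + sizeof(WCHAR); }

/* 1 if the given allocation rule is too small for this value, else 0. */
static int overflows_before(const WCHAR *src, size_t size_bytes)
{
    size_t tmp = strip_multi_sz_terminators(src, size_bytes);
    return bytes_written(src, tmp) > alloc_before(tmp);
}
static int overflows_after(const WCHAR *src, size_t size_bytes)
{
    size_t tmp = strip_multi_sz_terminators(src, size_bytes);
    return bytes_written(src, tmp) > alloc_after(tmp);
}

/* Bounds-checked rendering into a caller-supplied buffer of cap bytes:
   returns 0 on success, -1 where the unchecked loop would have written past
   the end, so the bug shows up as a clean failure rather than heap damage. */
static int render_multi_sz(const WCHAR *src, size_t tmp_size, WCHAR *dst, size_t cap)
{
    size_t n = tmp_size / sizeof(WCHAR), cap_chars = cap / sizeof(WCHAR), j = 0, i;
    for (i = 0; i < n; i++) {
        size_t need = src[i] ? 1 : 2;
        if (j + need > cap_chars)
            return -1;
        if (src[i]) {
            dst[j++] = src[i];
        } else {
            dst[j++] = '\\';
            dst[j++] = '0';
        }
    }
    if (j + 1 > cap_chars)
        return -1;
    dst[j] = 0;
    return 0;
}

int main(void)
{
    WCHAR buf[16];
    size_t tmp = strip_multi_sz_terminators(SAMPLE_FOUR_NULS, sizeof(SAMPLE_FOUR_NULS));

    printf("four NULs: tmp_size=%zu bytes, alloc before=%zu, written=%zu, alloc after=%zu\n",
           tmp, alloc_before(tmp), bytes_written(SAMPLE_FOUR_NULS, tmp), alloc_after(tmp));
    printf("render with old size: %d, with new size: %d\n",
           render_multi_sz(SAMPLE_FOUR_NULS, tmp, buf, alloc_before(tmp)),
           render_multi_sz(SAMPLE_FOUR_NULS, tmp, buf, alloc_after(tmp)));

    tmp = strip_multi_sz_terminators(SAMPLE_NORMAL, sizeof(SAMPLE_NORMAL));
    printf("\"a\\0b\": overflow before=%d, after=%d\n",
           overflows_before(SAMPLE_NORMAL, sizeof(SAMPLE_NORMAL)),
           overflows_after(SAMPLE_NORMAL, sizeof(SAMPLE_NORMAL)));
    return 0;
}
```

Running it prints 8 bytes allocated (4 characters) against 10 bytes written (5 characters) for the four-NUL value, with the old size rejected and the new size accepted by the checked renderer, and no overflow under either rule for the ordinary value.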
