From 068aa169c7732a434ee38345e6f9721dfaa4e85b Mon Sep 17 00:00:00 2001 From: Daniel Lehman Date: Mon, 13 Aug 2018 17:42:06 -0700 Subject: [PATCH 5/5] msvcrt: Don't read past end of string in _strnicoll/_wcsnicoll. Signed-off-by: Daniel Lehman --- dlls/msvcrt/string.c | 7 ++++++- dlls/msvcrt/tests/string.c | 33 +++++++++++++-------------------- dlls/msvcrt/wcs.c | 7 ++++++- 3 files changed, 25 insertions(+), 22 deletions(-) diff --git a/dlls/msvcrt/string.c b/dlls/msvcrt/string.c index d3e3c3202c..52c0c868b3 100644 --- a/dlls/msvcrt/string.c +++ b/dlls/msvcrt/string.c @@ -689,6 +689,8 @@ int CDECL MSVCRT__strncoll( const char* str1, const char* str2, MSVCRT_size_t co int CDECL MSVCRT__strnicoll_l( const char* str1, const char* str2, MSVCRT_size_t count, MSVCRT__locale_t locale ) { MSVCRT_pthreadlocinfo locinfo; + MSVCRT_size_t len1; + MSVCRT_size_t len2; if(!locale) locinfo = get_locinfo(); @@ -697,8 +699,11 @@ int CDECL MSVCRT__strnicoll_l( const char* str1, const char* str2, MSVCRT_size_t if(!locinfo->lc_handle[MSVCRT_LC_COLLATE]) return strncasecmp(str1, str2, count); + + len1 = strlen(str1); + len2 = strlen(str2); return CompareStringA(locinfo->lc_handle[MSVCRT_LC_COLLATE], NORM_IGNORECASE, - str1, count, str2, count)-CSTR_EQUAL; + str1, min(count, len1), str2, min(count, len2))-CSTR_EQUAL; } /********************************************************************* diff --git a/dlls/msvcrt/tests/string.c b/dlls/msvcrt/tests/string.c index c29d36eb64..564df4cb77 100644 --- a/dlls/msvcrt/tests/string.c +++ b/dlls/msvcrt/tests/string.c @@ -3474,11 +3474,10 @@ static void test__tcsnicoll(void) const char *str2; size_t count; int exp; - BOOL todo; }; static const struct test tests[] = { { "English", "abcd", "ABCD", 4, 0 }, - { "English", "abcd", "ABCD", 10, 0, TRUE }, + { "English", "abcd", "ABCD", 10, 0 }, { "English", "abc", "ABCD", 3, 0 }, { "English", "abc", "ABCD", 4, -1 }, 
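Review bot: The added `len1 = strlen(str1);` and `len2 = strlen(str2);` in MSVCRT__strnicoll_l scan each argument up to its terminator regardless of `count`, so a caller whose buffer holds `count` characters with no NUL inside that range is now read past `count`. Neither the previous `CompareStringA(..., str1, count, ...)` call nor the `strncasecmp` fallback just above does that. Bounding the scan keeps the fix and removes both locals: `str1, MSVCRT_strnlen(str1, count), str2, MSVCRT_strnlen(str2, count))-CSTR_EQUAL;`, assuming the module's strnlen implementation is callable from this function. The MSVCRT__wcsnicoll_l hunk in dlls/msvcrt/wcs.c repeats the pattern with `strlenW` and needs the equivalent bounded wide-string length. Separately, the clamped value is an `MSVCRT_size_t` passed to CompareStringA's `int` length argument, so anything above INT_MAX would be narrowed; an explicit cap is worth adding if such inputs are reachable.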
@@ -3520,15 +3519,12 @@ static void test__tcsnicoll(void) strcpy(str2, tests[i].str2); ret = _strnicoll(str1, str2, tests[i].count); - todo_wine_if(tests[i].todo) - { - if (!tests[i].exp) - ok(!ret, "expected 0, got %d for %s, %s, %d\n", ret, str1, str2, (int)tests[i].count); - else if (tests[i].exp < 0) - ok(ret < 0, "expected < 0, got %d for %s, %s, %d\n", ret, str1, str2, (int)tests[i].count); - else - ok(ret > 0, "expected > 0, got %d for %s, %s, %d\n", ret, str1, str2, (int)tests[i].count); - } + if (!tests[i].exp) + ok(!ret, "expected 0, got %d for %s, %s, %d\n", ret, str1, str2, (int)tests[i].count); + else if (tests[i].exp < 0) + ok(ret < 0, "expected < 0, got %d for %s, %s, %d\n", ret, str1, str2, (int)tests[i].count); + else + ok(ret > 0, "expected > 0, got %d for %s, %s, %d\n", ret, str1, str2, (int)tests[i].count); memset(str1W, 0xee, sizeof(str1W)); len = mbstowcs(str1W, str1, ARRAY_SIZE(str1W)); @@ -3539,15 +3535,12 @@ static void test__tcsnicoll(void) str2W[len] = 0; ret = _wcsnicoll(str1W, str2W, tests[i].count); - todo_wine_if(tests[i].todo) - { - if (!tests[i].exp) - ok(!ret, "expected 0, got %d for %s, %s, %d\n", ret, str1, str2, (int)tests[i].count); - else if (tests[i].exp < 0) - ok(ret < 0, "expected < 0, got %d for %s, %s, %d\n", ret, str1, str2, (int)tests[i].count); - else - ok(ret > 0, "expected > 0, got %d for %s, %s, %d\n", ret, str1, str2, (int)tests[i].count); - } + if (!tests[i].exp) + ok(!ret, "expected 0, got %d for %s, %s, %d\n", ret, str1, str2, (int)tests[i].count); + else if (tests[i].exp < 0) + ok(ret < 0, "expected < 0, got %d for %s, %s, %d\n", ret, str1, str2, (int)tests[i].count); + else + ok(ret > 0, "expected > 0, got %d for %s, %s, %d\n", ret, str1, str2, (int)tests[i].count); } } diff --git a/dlls/msvcrt/wcs.c b/dlls/msvcrt/wcs.c index 43b66e89ef..d8003fb990 100644 --- a/dlls/msvcrt/wcs.c +++ b/dlls/msvcrt/wcs.c 
@@ -142,6 +142,8 @@ int CDECL MSVCRT__wcsnicoll_l(const MSVCRT_wchar_t* str1, const MSVCRT_wchar_t* MSVCRT_size_t count, MSVCRT__locale_t locale) { MSVCRT_pthreadlocinfo locinfo; + MSVCRT_size_t len1; + MSVCRT_size_t len2; if(!locale) locinfo = get_locinfo(); @@ -150,8 +152,11 @@ int CDECL MSVCRT__wcsnicoll_l(const MSVCRT_wchar_t* str1, const MSVCRT_wchar_t* if(!locinfo->lc_handle[MSVCRT_LC_COLLATE]) return strncmpiW(str1, str2, count); + + len1 = strlenW(str1); + len2 = strlenW(str2); return CompareStringW(locinfo->lc_handle[MSVCRT_LC_COLLATE], NORM_IGNORECASE, - str1, count, str2, count)-CSTR_EQUAL; + str1, min(count, len1), str2, min(count, len2))-CSTR_EQUAL; } /********************************************************************* -- 2.17.0