LOCALE: Don't copy value if buffer is too small

Fabian Cenedese Cenedese at indel.ch
Wed Feb 25 01:43:44 CST 2004


>> The found value (info->Data) should only be copied to (buffer) if its length (len)
>> is big enough. len is given in bytes (8 for the above call with a buffer of 4 WCHARs).
>> But the length of the data (ret) is in WCHAR units. So the comparison here
>> is completely wrong. Ok, I could change this to len/sizeof(WCHAR). But that's
>> still not enough because of the comparison before about info->Data[ret-1].
>
>len is supposed to be in WCHARs too, most likely the caller is not
>passing the correct size.

Ok, I saw that you fixed the WCHAR/byte mess. But there is still a possibility that
the function can copy a string longer than the buffer if it already has an appended null.
This should fix it.

bye  Fabi



Changelog:
    Fabian Cenedese <Cenedese at indel.ch>
    Check buffer length so we don't copy strings into buffer if they are too long.


Index: wine/dlls/kernel/locale.c
===================================================================
RCS file: /home/wine/wine/dlls/kernel/locale.c,v
retrieving revision 1.35
diff -u -r1.35 locale.c
--- wine/dlls/kernel/locale.c   25 Feb 2004 01:35:01 -0000      1.35
+++ wine/dlls/kernel/locale.c   25 Feb 2004 07:35:42 -0000
@@ -778,10 +778,16 @@
                 ret = 0;
             }
         }
+
         if (ret && buffer)
         {
-            memcpy( buffer, info->Data, (ret-1) * sizeof(WCHAR) );
-            buffer[ret-1] = 0;
+            if (ret <= len) {
+                memcpy( buffer, info->Data, (ret-1) * sizeof(WCHAR) );
+                buffer[ret-1] = 0;
+            } else {
+                SetLastError( ERROR_INSUFFICIENT_BUFFER );
+                ret = 0;
+            }
         }
     }
     else
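Review bot: The new `if (ret <= len) {` / `} else {` lines put the opening brace on the same line as the condition, while the surrounding code in this hunk (`if (ret && buffer)` followed by `{` on its own line, and the closing `}` at the same indentation) uses the file's brace-on-its-own-line style; matching that style would keep the block consistent. On the logic, the check is sound only because `ret` counts the terminating null: `(ret-1) * sizeof(WCHAR)` bytes are copied and `buffer[ret-1]` is then written, so `ret <= len` guarantees the last write stays inside a `len`-WCHAR buffer, which depends on `len` being in WCHARs as the thread states. Returning 0 with `ERROR_INSUFFICIENT_BUFFER` in the else branch matches the usual Win32 contract for a too-small buffer, and the added blank line before `if (ret && buffer)` is a whitespace-only change that could be dropped to keep the diff minimal.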