MSI: off by one error

Ulrich Czekalla ulrich.czekalla at utoronto.ca
Mon Mar 7 20:35:02 CST 2005


This patches prevents heap corruption caused by insufficient space being
allocated for a string.

ChangeLog:
    Ulrich Czekalla <ulrich at codeweavers.com>
    Allocate space for terminating null
-------------- next part --------------
Index: dlls/msi/action.c
===================================================================
RCS file: /home/wine/wine/dlls/msi/action.c,v
retrieving revision 1.98
diff -u -p -r1.98 action.c
--- dlls/msi/action.c	2 Mar 2005 13:53:51 -0000	1.98
+++ dlls/msi/action.c	8 Mar 2005 02:15:00 -0000
@@ -3726,7 +3726,7 @@ static LPWSTR resolve_keypath( MSIPACKAG
         deformat_string(package, key , &deformated);
         deformat_string(package, name, &deformated_name);
 
-        len = strlenW(deformated) + 5;
+        len = strlenW(deformated) + 6;
         if (deformated_name)
             len+=strlenW(deformated_name);
 


More information about the wine-patches mailing list