msi 1: Fix a heap corruption bug by resizing the src string before
adding to it
James Hawkins
truiken at gmail.com
Fri Nov 10 15:26:38 CST 2006
Hi,
This fixes bug 6598. http://bugs.winehq.org/show_bug.cgi?id=6598
Changelog:
* Fix a heap corruption bug by resizing the src string before adding to it.
dlls/msi/files.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
--
James Hawkins
-------------- next part --------------
diff --git a/dlls/msi/files.c b/dlls/msi/files.c
index 38b1f8f..dc81e6a 100644
--- a/dlls/msi/files.c
+++ b/dlls/msi/files.c
@@ -469,8 +469,13 @@ static UINT download_remote_cabinet(MSIP
*(ptr + 1) = '\0';
ptr = strrchrW(mi->source, '\\');
+ src = msi_realloc(src, (lstrlenW(src) + lstrlenW(ptr)) * sizeof(WCHAR));
+ if (!src)
+ return ERROR_OUTOFMEMORY;
+
lstrcatW(src, ptr + 1);
+ temppath[0] = '\0';
cab = msi_download_file(src, temppath);
lstrcpyW(mi->source, cab);
--
1.4.3
More information about the wine-patches
mailing list