correct buffer overflows in IME processing code
Aric Stewart
aric at codeweavers.com
Thu Sep 21 09:43:00 CDT 2006
-------------- next part --------------
diff --git a/dlls/user/edit.c b/dlls/user/edit.c
index c4f95e4..116340f 100644
--- a/dlls/user/edit.c
+++ b/dlls/user/edit.c
@@ -5341,7 +5341,7 @@ static void EDIT_GetCompositionStr(HWND
return;
}
- lpCompStr = HeapAlloc(GetProcessHeap(),0,dwBufLen);
+ lpCompStr = HeapAlloc(GetProcessHeap(),0,dwBufLen + sizeof(WCHAR));
if (!lpCompStr)
{
ERR("Unable to allocate IME CompositionString\n");
@@ -5362,7 +5362,7 @@ static void EDIT_GetCompositionStr(HWND
if (dwBufLenAttr)
{
dwBufLenAttr ++;
- lpCompStrAttr = HeapAlloc(GetProcessHeap(),0,dwBufLenAttr);
+ lpCompStrAttr = HeapAlloc(GetProcessHeap(),0,dwBufLenAttr+1);
if (!lpCompStrAttr)
{
ERR("Unable to allocate IME Attribute String\n");
@@ -5417,7 +5417,7 @@ static void EDIT_GetResultStr(HWND hwnd,
return;
}
- lpResultStr = HeapAlloc(GetProcessHeap(),0, dwBufLen);
+ lpResultStr = HeapAlloc(GetProcessHeap(),0, dwBufLen+sizeof(WCHAR));
if (!lpResultStr)
{
ERR("Unable to alloc buffer for IME string\n");
More information about the wine-patches
mailing list