[PATCH] mshtml: Fix potential 1 byte 0 overwrite
Marcus Meissner
meissner at suse.de
Thu Mar 20 05:08:23 CDT 2008
Hi,
Coverity spotted the new problem that file_part[len] might be called
with len being sizeof(file_part)/sizeof(file_part[0]).
Fixed the check so that len is <...
Ciao, Marcus
---
dlls/mshtml/protocol.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/dlls/mshtml/protocol.c b/dlls/mshtml/protocol.c
index 6419d73..e338369 100644
--- a/dlls/mshtml/protocol.c
+++ b/dlls/mshtml/protocol.c
@@ -848,7 +848,7 @@ static HRESULT WINAPI ResProtocolInfo_ParseUrl(IInternetProtocolInfo *iface, LPC
return E_INVALIDARG;
len = ptr - (pwzUrl + sizeof(wszRes)/sizeof(WCHAR));
- if(len > sizeof(file_part)/sizeof(WCHAR)) {
+ if(len >= sizeof(file_part)/sizeof(WCHAR)) {
FIXME("Too long URL\n");
return MK_E_SYNTAX;
}
--
1.5.2.4
More information about the wine-patches
mailing list