[PATCH] mshtml: Fix potential 1 byte 0 overwrite

Marcus Meissner meissner at suse.de
Thu Mar 20 05:08:23 CDT 2008


Hi,

Coverity spotted the new problem that file_part[len] might be called
with len being sizeof(file_part)/sizeof(file_part[0]).

Fixed the check so that len is <...

Ciao, Marcus
---
 dlls/mshtml/protocol.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/dlls/mshtml/protocol.c b/dlls/mshtml/protocol.c
index 6419d73..e338369 100644
--- a/dlls/mshtml/protocol.c
+++ b/dlls/mshtml/protocol.c
@@ -848,7 +848,7 @@ static HRESULT WINAPI ResProtocolInfo_ParseUrl(IInternetProtocolInfo *iface, LPC
             return E_INVALIDARG;
 
         len = ptr - (pwzUrl + sizeof(wszRes)/sizeof(WCHAR));
-        if(len > sizeof(file_part)/sizeof(WCHAR)) {
+        if(len >= sizeof(file_part)/sizeof(WCHAR)) {
             FIXME("Too long URL\n");
             return MK_E_SYNTAX;
         }
-- 
1.5.2.4



More information about the wine-patches mailing list