[PATCH] comctl32/dsa: Handle overflow in DSA_InsertItem()
Nikolay Sivov
nsivov at codeweavers.com
Sun Jul 24 06:44:40 CDT 2016
From: Xiaoshan Sun <sunxs at is.iscas.ac.cn>
Signed-off-by: Xiaoshan Sun <sunxs at is.iscas.ac.cn>
Signed-off-by: Nikolay Sivov <nsivov at codeweavers.com>
---
For https://bugs.winehq.org/show_bug.cgi?id=33457
dlls/comctl32/dsa.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/dlls/comctl32/dsa.c b/dlls/comctl32/dsa.c
index a73a54a..d5e8234 100644
--- a/dlls/comctl32/dsa.c
+++ b/dlls/comctl32/dsa.c
@@ -267,6 +267,9 @@ INT WINAPI DSA_InsertItem (HDSA hdsa, INT nIndex, LPVOID pSrc)
nNewItems = hdsa->nMaxCount + hdsa->nGrow;
nSize = hdsa->nItemSize * nNewItems;
+ if (nSize / hdsa->nItemSize != nNewItems)
+ return -1;
+
lpTemp = ReAlloc (hdsa->pData, nSize);
if (!lpTemp)
return -1;
--
2.8.1
More information about the wine-patches
mailing list