[PATCH] ole32: handle length=0 in save datacache
Marcus Meissner
marcus at jet.franken.de
Fri Nov 3 06:11:17 CDT 2017
The ole2 test crashes for me, reason is that length is 0
and we use length-1 for accessing whats returned.
Signed-off-by: Marcus Meissner <marcus at jet.franken.de>
---
dlls/ole32/datacache.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/dlls/ole32/datacache.c b/dlls/ole32/datacache.c
index 2907426f62..d08d2db6e2 100644
--- a/dlls/ole32/datacache.c
+++ b/dlls/ole32/datacache.c
@@ -480,7 +480,12 @@ static HRESULT read_clipformat(IStream *stream, CLIPFORMAT *clipformat)
}
else
{
- char *format_name = HeapAlloc(GetProcessHeap(), 0, length);
+ char *format_name;
+
+ if (!length)
+ return DV_E_CLIPFORMAT;
+
+ format_name = HeapAlloc(GetProcessHeap(), 0, length);
if (!format_name)
return E_OUTOFMEMORY;
hr = IStream_Read(stream, format_name, length, &read);
--
2.14.3
More information about the wine-patches
mailing list