Piotr Caban : msxml3: Fix for accessing uninitialized memory.

Alexandre Julliard julliard at winehq.org
Thu Jul 24 07:01:31 CDT 2008


Module: wine
Branch: master
Commit: 33e35025ec2d53ac24a5d3df4af883493c8aa68b
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=33e35025ec2d53ac24a5d3df4af883493c8aa68b

Author: Piotr Caban <piotr.caban at gmail.com>
Date:   Wed Jul 23 16:39:51 2008 +0200

msxml3: Fix for accessing uninitialized memory.

---

 dlls/msxml3/saxreader.c |   18 ++++++++++++++++--
 1 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/dlls/msxml3/saxreader.c b/dlls/msxml3/saxreader.c
index ef3c7e8..3b67d01 100644
--- a/dlls/msxml3/saxreader.c
+++ b/dlls/msxml3/saxreader.c
@@ -1130,12 +1130,26 @@ static HRESULT WINAPI isaxxmlreader_parse(
             data = xmlChar_from_wchar(V_BSTR(&varInput));
             xmlSetupParserForBuffer(locator->pParserCtxt, data, NULL);
             break;
-        case VT_ARRAY|VT_UI1:
-            hr = SafeArrayAccessData(V_ARRAY(&varInput), (void**)&data);
+        case VT_ARRAY|VT_UI1: {
+            void *pSAData;
+            LONG lBound, uBound;
+            ULONG dataRead;
+
+            hr = SafeArrayGetLBound(V_ARRAY(&varInput), 1, &lBound);
+            if(hr != S_OK) break;
+            hr = SafeArrayGetUBound(V_ARRAY(&varInput), 1, &uBound);
             if(hr != S_OK) break;
+            dataRead = (uBound-lBound)*SafeArrayGetElemsize(V_ARRAY(&varInput));
+            data = HeapAlloc(GetProcessHeap(), 0, dataRead+1);
+            if(!data) break;
+            hr = SafeArrayAccessData(V_ARRAY(&varInput), (void**)&pSAData);
+            if(hr != S_OK) break;
+            memcpy(data, pSAData, dataRead);
+            data[dataRead] = '\0';
             xmlSetupParserForBuffer(locator->pParserCtxt, data, NULL);
             SafeArrayUnaccessData(V_ARRAY(&varInput));
             break;
+        }
         case VT_UNKNOWN:
         case VT_DISPATCH: {
             IPersistStream *persistStream;




More information about the wine-cvs mailing list