Dylan Smith : richedit: Prevent font or colour buffer overflow on stream out.

Alexandre Julliard julliard at winehq.org
Wed Oct 1 14:09:34 CDT 2008


Module: wine
Branch: master
Commit: fac8e957c53b5ffeed690c782cc0bd34e07c8438
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=fac8e957c53b5ffeed690c782cc0bd34e07c8438

Author: Dylan Smith <dylan.ah.smith at gmail.com>
Date:   Tue Sep 30 17:11:29 2008 -0400

richedit: Prevent font or colour buffer overflow on stream out.

Static sized buffers are used for storing the colours and fonts, so
there needs to be a check to prevent these buffers from overflowing.

---

 dlls/riched20/writer.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/dlls/riched20/writer.c b/dlls/riched20/writer.c
index 912cae3..6a6ad54 100644
--- a/dlls/riched20/writer.c
+++ b/dlls/riched20/writer.c
@@ -214,7 +214,7 @@ ME_StreamOutRTFFontAndColorTbl(ME_OutStream *pStream, ME_DisplayItem *pFirstRun,
         if (table[i].bCharSet == bCharSet
             && (table[i].szFaceName == face || !lstrcmpW(table[i].szFaceName, face)))
           break;
-      if (i == pStream->nFontTblLen) {
+      if (i == pStream->nFontTblLen && i < STREAMOUT_FONTTBL_SIZE) {
         table[i].bCharSet = bCharSet;
         table[i].szFaceName = face;
         pStream->nFontTblLen++;
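Review bot: at `if (i == pStream->nFontTblLen && i < STREAMOUT_FONTTBL_SIZE)` a font that does not fit is now dropped silently, and `i` is left equal to `nFontTblLen` with no entry behind it. The write is correctly bounded, but whatever code later searches the table for this face and charset will miss, and that path is not visible in this hunk. Please confirm the lookup side handles a miss rather than using the index it ends on, and consider an else branch with a WARN or FIXME so a truncated font table is visible in the debug log.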
@@ -226,7 +226,7 @@ ME_StreamOutRTFFontAndColorTbl(ME_OutStream *pStream, ME_DisplayItem *pFirstRun,
       for (i = 1; i < pStream->nColorTblLen; i++)
         if (pStream->colortbl[i] == crColor)
           break;
-      if (i == pStream->nColorTblLen) {
+      if (i == pStream->nColorTblLen && i < STREAMOUT_COLORTBL_SIZE) {
         pStream->colortbl[i] = crColor;
         pStream->nColorTblLen++;
       }
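Review bot: the new `i < STREAMOUT_COLORTBL_SIZE` condition leaves it undocumented what happens to a run whose colour did not fit. The search loop starts at `i = 1`, so slot 0 looks reserved; if the intent is that overflowing colours fall back to that slot on output, a short comment here saying so would make the behaviour explicit. It is also worth confirming that `colortbl` is declared with exactly STREAMOUT_COLORTBL_SIZE elements, since the declaration is outside this hunk and the check is only as good as that match.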
@@ -236,7 +236,7 @@ ME_StreamOutRTFFontAndColorTbl(ME_OutStream *pStream, ME_DisplayItem *pFirstRun,
       for (i = 1; i < pStream->nColorTblLen; i++)
         if (pStream->colortbl[i] == crColor)
           break;
-      if (i == pStream->nColorTblLen) {
+      if (i == pStream->nColorTblLen && i < STREAMOUT_COLORTBL_SIZE) {
         pStream->colortbl[i] = crColor;
         pStream->nColorTblLen++;
       }
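Review bot: this search-and-append block, including the new `i == pStream->nColorTblLen && i < STREAMOUT_COLORTBL_SIZE` test, is line for line the same as the one in the previous hunk. Keeping two copies of a bounds check is how one of them gets missed in a later change; a small static helper that takes `pStream` and `crColor` would hold the bound in one place and could be called from both sites.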



