Marcus Meissner : advapi32: Fixed NULL ptr deref in QueryServiceConfig2A ( Coverity).

Alexandre Julliard julliard at winehq.org
Mon Feb 2 09:01:17 CST 2009


Module: wine
Branch: master
Commit: 45a12690131da7a486167aeba16a5865546a65b4
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=45a12690131da7a486167aeba16a5865546a65b4

Author: Marcus Meissner <marcus at jet.franken.de>
Date:   Sat Jan 31 11:40:02 2009 +0100

advapi32: Fixed NULL ptr deref in QueryServiceConfig2A (Coverity).

---

 dlls/advapi32/service.c |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/dlls/advapi32/service.c b/dlls/advapi32/service.c
index a76c27b..e0efa2b 100644
--- a/dlls/advapi32/service.c
+++ b/dlls/advapi32/service.c
@@ -1365,9 +1365,10 @@ BOOL WINAPI QueryServiceConfig2A(SC_HANDLE hService, DWORD dwLevel, LPBYTE buffe
 
     switch(dwLevel) {
         case SERVICE_CONFIG_DESCRIPTION:
-            {   LPSERVICE_DESCRIPTIONA configA = (LPSERVICE_DESCRIPTIONA) buffer;
+            if (buffer && bufferW) {
+                LPSERVICE_DESCRIPTIONA configA = (LPSERVICE_DESCRIPTIONA) buffer;
                 LPSERVICE_DESCRIPTIONW configW = (LPSERVICE_DESCRIPTIONW) bufferW;
-                if (configW->lpDescription) {
+                if (configW->lpDescription && (size > sizeof(SERVICE_DESCRIPTIONA))) {
                     DWORD sz;
                     configA->lpDescription = (LPSTR)(configA + 1);
                     sz = WideCharToMultiByte( CP_ACP, 0, configW->lpDescription, -1,
@@ -1380,10 +1381,11 @@ BOOL WINAPI QueryServiceConfig2A(SC_HANDLE hService, DWORD dwLevel, LPBYTE buffe
                 }
                 else configA->lpDescription = NULL;
             }
-        break;
+            break;
         default:
             FIXME("conversation W->A not implemented for level %d\n", dwLevel);
             ret = FALSE;
+            break;
     }
 
 cleanup:




More information about the wine-cvs mailing list