Alexandre Julliard : setupapi: Fix buffer overflow in load_fake_dll.
Alexandre Julliard
julliard at winehq.org
Fri Oct 12 11:37:44 CDT 2012
Module: wine
Branch: master
Commit: 8418115edfc785242c16ba1eca5c5a14f6e663b9
URL: http://source.winehq.org/git/wine.git/?a=commit;h=8418115edfc785242c16ba1eca5c5a14f6e663b9
Author: Alexandre Julliard <julliard at winehq.org>
Date: Fri Oct 12 11:21:14 2012 +0200
setupapi: Fix buffer overflow in load_fake_dll.
Found by Daniel Lehman.
---
dlls/setupapi/fakedll.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/dlls/setupapi/fakedll.c b/dlls/setupapi/fakedll.c
index 645b7e8..7393e40 100644
--- a/dlls/setupapi/fakedll.c
+++ b/dlls/setupapi/fakedll.c
@@ -394,13 +394,13 @@ static void *load_fake_dll( const WCHAR *name, SIZE_T *size )
if ((p = strrchrW( name, '\\' ))) name = p + 1;
i = 0;
- if (build_dir) maxlen = strlen(build_dir) + sizeof("/programs/") + strlenW(name);
+ len = strlenW( name );
+ if (build_dir) maxlen = strlen(build_dir) + sizeof("/programs/") + len;
while ((path = wine_dll_enum_load_path( i++ ))) maxlen = max( maxlen, strlen(path) );
- maxlen += sizeof("/fakedlls") + strlenW(name) + 2;
+ maxlen += sizeof("/fakedlls") + len + sizeof(".fake");
if (!(file = HeapAlloc( GetProcessHeap(), 0, maxlen ))) return NULL;
- len = strlenW( name );
pos = maxlen - len - sizeof(".fake");
if (!dll_name_WtoA( file + pos, name, len )) goto done;
file[--pos] = '/';
More information about the wine-cvs
mailing list