Piotr Caban : msvcp: Prevent overflows while operating on string sizes.
Alexandre Julliard
julliard at winehq.org
Tue Sep 11 16:59:07 CDT 2012
Module: wine
Branch: master
Commit: 39e9ac03179363d0586e65a753c50d9791af5673
URL: http://source.winehq.org/git/wine.git/?a=commit;h=39e9ac03179363d0586e65a753c50d9791af5673
Author: Piotr Caban <piotr at codeweavers.com>
Date: Tue Sep 11 16:08:56 2012 +0200
msvcp: Prevent overflows while operating on string sizes.
---
dlls/msvcp100/string.c | 12 ++++++------
dlls/msvcp60/string.c | 20 ++++++++++----------
2 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/dlls/msvcp100/string.c b/dlls/msvcp100/string.c
index bbd01b4..5fb117f 100644
--- a/dlls/msvcp100/string.c
+++ b/dlls/msvcp100/string.c
@@ -977,7 +977,7 @@ int __thiscall MSVCP_basic_string_char_compare_substr_cstr_len(
if(this->size < pos)
MSVCP__String_base_Xran();
- if(pos+num > this->size)
+ if(num > this->size-pos)
num = this->size-pos;
ans = MSVCP_char_traits_char_compare(basic_string_char_const_ptr(this)+pos,
@@ -1024,7 +1024,7 @@ int __thiscall MSVCP_basic_string_char_compare_substr_substr(
if(compare->size < off)
MSVCP__String_base_Xran();
- if(off+count > compare->size)
+ if(count > compare->size-off)
count = compare->size-off;
return MSVCP_basic_string_char_compare_substr_cstr_len(this, pos, num,
@@ -1512,7 +1512,7 @@ basic_string_char* __thiscall basic_string_char_replace_substr(basic_string_char
if(str->size < str_off)
MSVCP__String_base_Xran();
- if(str_off+str_len > str->size)
+ if(str_len > str->size-str_off)
str_len = str->size-str_off;
return basic_string_char_replace_cstr_len(this, off, len,
@@ -2690,7 +2690,7 @@ int __thiscall MSVCP_basic_string_wchar_compare_substr_cstr_len(
if(this->size < pos)
MSVCP__String_base_Xran();
- if(pos+num > this->size)
+ if(num > this->size-pos)
num = this->size-pos;
ans = MSVCP_char_traits_wchar_compare(basic_string_wchar_const_ptr(this)+pos,
@@ -2743,7 +2743,7 @@ int __thiscall MSVCP_basic_string_wchar_compare_substr_substr(
if(compare->size < off)
MSVCP__String_base_Xran();
- if(off+count > compare->size)
+ if(count > compare->size-off)
count = compare->size-off;
return MSVCP_basic_string_wchar_compare_substr_cstr_len(this, pos, num,
@@ -3218,7 +3218,7 @@ basic_string_wchar* __thiscall basic_string_wchar_replace_substr(basic_string_wc
if(str->size < str_off)
MSVCP__String_base_Xran();
- if(str_off+str_len > str->size)
+ if(str_len > str->size-str_off)
str_len = str->size-str_off;
return basic_string_wchar_replace_cstr_len(this, off, len,
diff --git a/dlls/msvcp60/string.c b/dlls/msvcp60/string.c
index 2553e5b..2180149 100644
--- a/dlls/msvcp60/string.c
+++ b/dlls/msvcp60/string.c
@@ -549,7 +549,7 @@ int __thiscall basic_string_char_compare_substr_cstr_len(
if(this->size < pos)
_Xran();
- if(pos+num > this->size)
+ if(num > this->size-pos)
num = this->size-pos;
ans = char_traits_char_compare(this->ptr+pos,
@@ -586,7 +586,7 @@ int __thiscall basic_string_char_compare_substr_substr(
if(compare->size < off)
_Xran();
- if(off+count > compare->size)
+ if(count > compare->size-off)
count = compare->size-off;
return basic_string_char_compare_substr_cstr_len(this, pos, num,
@@ -1338,7 +1338,7 @@ basic_string_char* __thiscall basic_string_char_replace_cstr_len(basic_string_ch
if(this->size < off)
_Xran();
- if(off+len > this->size)
+ if(len > this->size-off)
len = this->size-off;
if(basic_string_char_npos-str_len <= this->size-len)
@@ -1388,7 +1388,7 @@ basic_string_char* __thiscall basic_string_char_replace_substr(basic_string_char
if(str->size < str_off)
_Xran();
- if(str_off+str_len > str->size)
+ if(str_len > str->size-str_off)
str_len = str->size-str_off;
return basic_string_char_replace_cstr_len(this, off, len,
@@ -1418,7 +1418,7 @@ basic_string_char* __thiscall basic_string_char_replace_ch(basic_string_char *th
if(this->size < off)
_Xran();
- if(off+len > this->size)
+ if(len > this->size-off)
len = this->size-off;
if(basic_string_char_npos-count <= this->size-len)
@@ -2239,7 +2239,7 @@ int __thiscall basic_string_wchar_compare_substr_cstr_len(
if(this->size < pos)
_Xran();
- if(pos+num > this->size)
+ if(num > this->size-pos)
num = this->size-pos;
ans = char_traits_wchar_compare(this->ptr+pos,
@@ -2276,7 +2276,7 @@ int __thiscall basic_string_wchar_compare_substr_substr(
if(compare->size < off)
_Xran();
- if(off+count > compare->size)
+ if(count > compare->size-off)
count = compare->size-off;
return basic_string_wchar_compare_substr_cstr_len(this, pos, num,
@@ -3028,7 +3028,7 @@ basic_string_wchar* __thiscall basic_string_wchar_replace_cstr_len(basic_string_
if(this->size < off)
_Xran();
- if(off+len > this->size)
+ if(len > this->size-off)
len = this->size-off;
if(basic_string_wchar_npos-str_len <= this->size-len)
@@ -3078,7 +3078,7 @@ basic_string_wchar* __thiscall basic_string_wchar_replace_substr(basic_string_wc
if(str->size < str_off)
_Xran();
- if(str_off+str_len > str->size)
+ if(str_len > str->size-str_off)
str_len = str->size-str_off;
return basic_string_wchar_replace_cstr_len(this, off, len,
@@ -3108,7 +3108,7 @@ basic_string_wchar* __thiscall basic_string_wchar_replace_ch(basic_string_wchar
if(this->size < off)
_Xran();
- if(off+len > this->size)
+ if(len > this->size-off)
len = this->size-off;
if(basic_string_wchar_npos-count <= this->size-len)
More information about the wine-cvs
mailing list