=?UTF-8?Q?Roman=20Pi=C5=A1l=20?=: user32: Fix buffer overflow in EDIT_EM_ReplaceSel().
Alexandre Julliard
julliard at winehq.org
Wed Oct 19 20:47:58 CDT 2016
Module: wine
Branch: master
Commit: 9de8ea75645d7092f888ddd7572f35204e672757
URL: http://source.winehq.org/git/wine.git/?a=commit;h=9de8ea75645d7092f888ddd7572f35204e672757
Author: Roman Pišl <rpisl at seznam.cz>
Date: Tue Oct 18 00:34:55 2016 +0200
user32: Fix buffer overflow in EDIT_EM_ReplaceSel().
After EN_MAXTEXT notification, available space may be larger than
length of the string. This must be checked and strl must not be
set to a value larger than the actual length of the string.
Signed-off-by: Roman Pišl <rpisl at seznam.cz>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>
---
dlls/user32/edit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dlls/user32/edit.c b/dlls/user32/edit.c
index f5cd3c4..78d78ea 100644
--- a/dlls/user32/edit.c
+++ b/dlls/user32/edit.c
@@ -2598,7 +2598,7 @@ static void EDIT_EM_ReplaceSel(EDITSTATE *es, BOOL can_undo, LPCWSTR lpsz_replac
if (es->buffer_limit < (tl - (e-s)))
strl = 0;
else
- strl = es->buffer_limit - (tl - (e-s));
+ strl = min(strl, es->buffer_limit - (tl - (e-s)));
}
if (!EDIT_MakeFit(es, tl - (e - s) + strl))
More information about the wine-cvs
mailing list