Daniel Lehman : msvcrt: Don't read past end of string in _strncoll/ _wcsncoll.

Alexandre Julliard julliard at winehq.org
Mon Aug 20 13:26:10 CDT 2018 

Module: wine
Branch: master
Commit: 368e9f39b4151a1094f62defeb308374061e137b
URL:    https://source.winehq.org/git/wine.git/?a=commit;h=368e9f39b4151a1094f62defeb308374061e137b

Author: Daniel Lehman <dlehman at esri.com>
Date:   Fri Aug 17 18:51:00 2018 +0200

msvcrt: Don't read past end of string in _strncoll/_wcsncoll.

Signed-off-by: Daniel Lehman <dlehman at esri.com>
Signed-off-by: Piotr Caban <piotr at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>

---

 dlls/msvcrt/string.c | 4 +++-
 dlls/msvcrt/wcs.c    | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/dlls/msvcrt/string.c b/dlls/msvcrt/string.c
index c8cd390..37bc224 100644
--- a/dlls/msvcrt/string.c
+++ b/dlls/msvcrt/string.c
@@ -666,7 +666,9 @@ int CDECL MSVCRT__strncoll_l( const char* str1, const char* str2, MSVCRT_size_t
 
     if(!locinfo->lc_handle[MSVCRT_LC_COLLATE])
         return strncmp(str1, str2, count);
-    return CompareStringA(locinfo->lc_handle[MSVCRT_LC_COLLATE], 0, str1, count, str2, count)-CSTR_EQUAL;
+    return CompareStringA(locinfo->lc_handle[MSVCRT_LC_COLLATE], 0,
+              str1, MSVCRT_strnlen(str1, count),
+              str2, MSVCRT_strnlen(str2, count))-CSTR_EQUAL;
 }
 
 /*********************************************************************
diff --git a/dlls/msvcrt/wcs.c b/dlls/msvcrt/wcs.c
index ed73fc6..3b22f62 100644
--- a/dlls/msvcrt/wcs.c
+++ b/dlls/msvcrt/wcs.c
@@ -335,7 +335,9 @@ int CDECL MSVCRT__wcsncoll_l(const MSVCRT_wchar_t* str1, const MSVCRT_wchar_t* s
 
     if(!locinfo->lc_handle[MSVCRT_LC_COLLATE])
         return strncmpW(str1, str2, count);
-    return CompareStringW(locinfo->lc_handle[MSVCRT_LC_COLLATE], 0, str1, count, str2, count)-CSTR_EQUAL;
+    return CompareStringW(locinfo->lc_handle[MSVCRT_LC_COLLATE], 0,
+              str1, MSVCRT_wcsnlen(str1, count),
+              str2, MSVCRT_wcsnlen(str2, count))-CSTR_EQUAL;
 }
 
 /*********************************************************************

More information about the wine-cvs mailing list