Akihiro Sagawa : user32: Fix wsprintfA's buffer usage when using %S.
Alexandre Julliard
julliard at winehq.org
Mon Aug 3 16:35:35 CDT 2020
Module: wine
Branch: master
Commit: 8baf70a2d04d227de28452c819c48f3bfd5171a4
URL: https://source.winehq.org/git/wine.git/?a=commit;h=8baf70a2d04d227de28452c819c48f3bfd5171a4
Author: Akihiro Sagawa <sagawa.aki at gmail.com>
Date: Sun Aug 2 19:39:58 2020 +0900
user32: Fix wsprintfA's buffer usage when using %S.
This fixes a regression introduced by
08bf605acb4d319e016a7eafe0c675509445bd4a.
It could lead to stack corruption because ret can be negative when the
output position, p, doesn't point the beginning of the buffer before
the inner loop.
Signed-off-by: Akihiro Sagawa <sagawa.aki at gmail.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>
---
dlls/user32/wsprintf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dlls/user32/wsprintf.c b/dlls/user32/wsprintf.c
index db02f06634..ac57603b76 100644
--- a/dlls/user32/wsprintf.c
+++ b/dlls/user32/wsprintf.c
@@ -413,8 +413,8 @@ static INT wvsnprintfA( LPSTR buffer, UINT maxlen, LPCSTR spec, __ms_va_list arg
{
CHAR mb[5]; /* 5 is MB_LEN_MAX */
int ret = WideCharToMultiByte( CP_ACP, 0, ptr, 1, mb, sizeof(mb), NULL, NULL );
+ if (ret > len - i) ret = len - i;
i += ret;
- if (i > len) ret = len - (p - buffer);
memcpy( p, mb, ret );
p += ret;
}
More information about the wine-cvs
mailing list