Eduard Permyakov : xmllite: Don't lose terminating character when shrinking buffer.
Alexandre Julliard
julliard at winehq.org
Tue Aug 10 16:24:09 CDT 2021
Module: wine
Branch: master
Commit: 2d33f406c93bc0d5c0ec6053a3967a19ee5e9f72
URL: https://source.winehq.org/git/wine.git/?a=commit;h=2d33f406c93bc0d5c0ec6053a3967a19ee5e9f72
Author: Eduard Permyakov <epermyakov at codeweavers.com>
Date: Fri Aug 6 15:01:16 2021 +0300
xmllite: Don't lose terminating character when shrinking buffer.
The utf16 buffer is expected to be terminated by a '0' character.
Flawed buffer shrinking logic would move the buffer contents but
forget about the terminating character, which could cause reading
junk past the end of the buffer contents.
Signed-off-by: Eduard Permyakov <epermyakov at codeweavers.com>
Signed-off-by: Nikolay Sivov <nsivov at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>
---
dlls/xmllite/reader.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/dlls/xmllite/reader.c b/dlls/xmllite/reader.c
index a5a75c29887..834c36ae18c 100644
--- a/dlls/xmllite/reader.c
+++ b/dlls/xmllite/reader.c
@@ -2128,6 +2128,7 @@ static HRESULT reader_parse_reference(xmlreader *reader)
memmove(start + 1, ptr + 1, len);
buffer->written -= (reader_get_cur(reader) - cur) * sizeof(WCHAR);
+ *(WCHAR*)(buffer->data + buffer->written) = 0;
buffer->cur = cur + 1;
*start = ch;
@@ -2151,6 +2152,7 @@ static HRESULT reader_parse_reference(xmlreader *reader)
memmove(start+1, ptr+1, len);
buffer->cur = cur + 1;
buffer->written -= (ptr - start) * sizeof(WCHAR);
+ *(WCHAR*)(buffer->data + buffer->written) = 0;
*start = ch;
}
More information about the wine-cvs
mailing list