Wininet Buffer Length Fixes
Alexandre Julliard
julliard at winehq.org
Tue Jul 13 15:43:15 CDT 2004
Robert Shearman <rob at codeweavers.com> writes:
> --- wine/dlls/wininet/http.c 4 Jul 2004 00:24:47 -0000 1.65
> +++ wine/dlls/wininet/http.c 13 Jul 2004 16:23:11 -0000
> @@ -1131,8 +1186,8 @@
> if( result )
> {
> len = WideCharToMultiByte( CP_ACP,0, bufferW, len / sizeof(WCHAR),
> - lpBuffer, *lpdwBufferLength, NULL, NULL );
> - *lpdwBufferLength = len * sizeof(WCHAR);
> + lpBuffer, *lpdwBufferLength+1, NULL, NULL );
> + *lpdwBufferLength = (len-1) * sizeof(CHAR);
It seems to me this would potentially write beyond the end of the
buffer, that doesn't look right.
--
Alexandre Julliard
julliard at winehq.org
More information about the wine-devel
mailing list