[3/7] dxdiagn: Fix string copy behavior with an excessively short buffer in IDxDiagContainer::EnumChildContainerNames. (try 2)
Vitaliy Margolen
wine-devel at kievinfo.com
Sun Mar 14 16:08:45 CDT 2010
On 03/14/2010 11:04 AM, Andrew Nguyen wrote:
> --- a/dlls/dxdiagn/container.c
> +++ b/dlls/dxdiagn/container.c
> @@ -97,12 +97,10 @@ static HRESULT WINAPI IDxDiagContainerImpl_EnumChildContainerNames(PDXDIAGCONTAI
>
> p = This->subContainers;
> while (NULL != p) {
> - if (dwIndex == i) {
> - if (cchContainer <= strlenW(p->contName)) {
> - return DXDIAG_E_INSUFFICIENT_BUFFER;
> - }
> + if (dwIndex == i) {
> lstrcpynW(pwszContainer, p->contName, cchContainer);
> - return S_OK;
> + return (cchContainer <= strlenW(p->contName)) ?
> + DXDIAG_E_INSUFFICIENT_BUFFER : S_OK;
> }
You sure it's "<="? You still need one more character for \0.
Vitaliy.
More information about the wine-devel
mailing list