fix a too small buffer in CredUnmarshalCredentialW
Hans Leidekker
hans at codeweavers.com
Wed Nov 14 04:22:48 CST 2012
On Wed, 2012-11-14 at 09:48 +0100, Stefan Leichter wrote:
> + char buffer[6];
> + unsigned int buflen, *size = (unsigned int*) buffer;
>
> - if (len < 9 || !cred_decode( cred + 3, 6, (char *)&size ) || !size || size % sizeof(WCHAR))
> + if (len < 9 || !cred_decode( cred + 3, 6, buffer ) || !*size || *size % sizeof(WCHAR))
You're still truncating the decoded size. You should instead make 'size' a
ULONGLONG and initialize it to 0.
Is this little-endian ARM?
More information about the wine-devel
mailing list