kernel32/path: Potential off-by-one error, help needed!
Kirill Smirnov
lich at math.spbu.ru
Mon Apr 22 13:17:42 CDT 2013
Hi!
While debugging bug #33307
(http://bugs.winehq.org/show_bug.cgi?id=33307) I found a suspicious
piece of code, looking like off-by-one error.
Unfortunately, I'm not familiar with this part of wine and I don't
know how to write corresponding test case.
If you familiar with this module, please, take a look at this
wanna-be-a-bug and the proposed patch.
--
Kirill
-------------- next part --------------
diff --git a/dlls/kernel32/path.c b/dlls/kernel32/path.c
index 63d977b..7d0dc35 100644
--- a/dlls/kernel32/path.c
+++ b/dlls/kernel32/path.c
@@ -205,8 +205,12 @@ static BOOL add_boot_rename_entry( LPCWSTR source, LPCWSTR dest, DWORD flags )
if (dest)
{
if (flags & MOVEFILE_REPLACE_EXISTING)
+ {
*p++ = '!';
- memcpy( p, dest_name.Buffer, len2 );
+ memcpy( p, dest_name.Buffer, len2 - sizeof(WCHAR) );
+ }
+ else
+ memcpy( p, dest_name.Buffer, len2 );
DataSize += len2;
}
else
More information about the wine-devel
mailing list