kernel32/path: Potential off-by-one error, help needed!

Ken Thomases ken at codeweavers.com
Mon Apr 22 19:54:21 CDT 2013


On Apr 22, 2013, at 1:17 PM, Kirill Smirnov wrote:

> While debugging bug #33307 (http://bugs.winehq.org/show_bug.cgi?id=33307) I found a suspicious piece of code, looking like an off-by-one error.
> 
> Unfortunately, I'm not familiar with this part of Wine and I don't know how to write a corresponding test case.
> 
> If you are familiar with this module, please take a look at this wanna-be-a-bug and the proposed patch.

I'm not familiar with the module, but on reviewing your patch and the local code it does appear that you have found a bug.  Your fix seems reasonable, although I think I'd change the memcpy() to use dest_name.Length + sizeof(WCHAR) as the length.  That way you don't have to duplicate the memcpy with two different lengths.

I don't think you have to worry about a test case.  This isn't a question about observable behavior of some Win32 API, it's just making Wine not write past the end of a buffer.

Cheers,
Ken
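
Added example, not part of the original message and not Wine's code: a single memcpy() of Length + sizeof(WCHAR) bytes, guarded by a size check that counts the terminator, which is the shape of copy suggested above. The struct, typedef and function names are hypothetical stand-ins; it assumes a UNICODE_STRING-style source whose Length is in bytes, excludes the terminator, and whose buffer holds a terminator right after the counted text.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef unsigned short WCHAR16;        /* hypothetical stand-in for 16-bit WCHAR */

/* Hypothetical mirror of UNICODE_STRING: Length is in BYTES and does not
 * include the terminating null character. */
struct counted_wstr {
    unsigned short Length;
    unsigned short MaximumLength;      /* bytes allocated behind Buffer */
    WCHAR16 *Buffer;
};

/* Copy the counted text plus its terminator with one memcpy().
 * Returns the number of bytes written, or 0 if either buffer cannot hold
 * Length + sizeof(WCHAR16) bytes. Checking only against Length is the
 * off-by-one: the terminator would land one element past the end. */
static size_t copy_with_terminator(WCHAR16 *dst, size_t dst_bytes,
                                   const struct counted_wstr *src)
{
    size_t need = (size_t)src->Length + sizeof(WCHAR16);

    if (src->MaximumLength < need)     /* source has no terminator to read */
        return 0;
    if (dst_bytes < need)              /* destination too small by >= 1 WCHAR */
        return 0;
    memcpy(dst, src->Buffer, need);
    return need;
}

int main(void)
{
    /* Constructed sample: 4 characters of text followed by a terminator. */
    WCHAR16 text[] = { 'C', ':', '\\', 'a', 0 };
    struct counted_wstr src = { (unsigned short)(4 * sizeof(WCHAR16)),
                                (unsigned short)sizeof(text), text };
    WCHAR16 dst[5];

    /* A destination sized from Length alone is refused, not overrun. */
    printf("dst sized for Length only: %zu bytes written\n",
           copy_with_terminator(dst, src.Length, &src));
    printf("dst sized for Length + terminator: %zu bytes written\n",
           copy_with_terminator(dst, sizeof(dst), &src));
    return 0;
}
```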



