[PATCH] msvcrt: fix character/byte confusion in buffer overflow branch

Piotr Caban piotr.caban at gmail.com
Tue May 7 11:10:00 CDT 2013


On 05/07/13 17:46, Juan Lang wrote:
> In general, I think you want to send this to wine-patches, not here.
This patch was also sent to wine-patches.

> On Mon, May 6, 2013 at 12:26 PM, Max Kellermann <max at duempel.org
> <mailto:max at duempel.org>> wrote:
>
>     ---
>       dlls/msvcrt/printf.h |    2 +-
>       1 file changed, 1 insertion(+), 1 deletion(-)
>
>     diff --git a/dlls/msvcrt/printf.h b/dlls/msvcrt/printf.h
>     index cfba4b7..8b749bc 100644
>     --- a/dlls/msvcrt/printf.h
>     +++ b/dlls/msvcrt/printf.h
>     @@ -48,7 +48,7 @@ static int FUNC_NAME(puts_clbk_str)(void *ctx, int
>     len, const APICHAR *str)
>               return len;
>
>           if(out->len < len) {
>     -        memcpy(out->buf, str, out->len);
>     +        memcpy(out->buf, str, out->len*sizeof(APICHAR));
>               out->buf += out->len;
>
>
> If the memcpy was incorrect, the += is also incorrect. I'm not sure
> which is the case, but either way, your patch can't be correct as is.
out->buf is of APICHAR* type, so it's updated correctly. The patch looks 
good for me.



More information about the wine-devel mailing list