[PATCH] msvcrt: fix character/byte confusion in buffer overflow branch
Juan Lang
juan.lang at gmail.com
Tue May 7 11:20:02 CDT 2013
On Tue, May 7, 2013 at 9:10 AM, Piotr Caban <piotr.caban at gmail.com> wrote:
> On 05/07/13 17:46, Juan Lang wrote:
>
>> In general, I think you want to send this to wine-patches, not here.
>>
> This patch was also sent to wine-patches.
>
>> On Mon, May 6, 2013 at 12:26 PM, Max Kellermann <max at duempel.org> wrote:
>>
>> ---
>> dlls/msvcrt/printf.h | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/dlls/msvcrt/printf.h b/dlls/msvcrt/printf.h
>> index cfba4b7..8b749bc 100644
>> --- a/dlls/msvcrt/printf.h
>> +++ b/dlls/msvcrt/printf.h
>> @@ -48,7 +48,7 @@ static int FUNC_NAME(puts_clbk_str)(void *ctx, int
>> len, const APICHAR *str)
>> return len;
>>
>> if(out->len < len) {
>> - memcpy(out->buf, str, out->len);
>> + memcpy(out->buf, str, out->len*sizeof(APICHAR));
>> out->buf += out->len;
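Review bot: the byte count on the `+` line is correct only if `out->len` counts APICHAR elements rather than bytes, which the `out->len < len` comparison and the `out->buf += out->len` context line imply but nothing in the hunk states. A short comment saying that `len` and `out->len` are character counts would keep the two units from being mixed up again. Only the truncation branch is visible here, so any other memcpy into `out->buf` in this callback should be checked for the same `sizeof(APICHAR)` scaling before this goes in.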
>>
>>
>> If the memcpy was incorrect, the += is also incorrect. I'm not sure
>> which is the case, but either way, your patch can't be correct as is.
>>
> out->buf is of APICHAR* type, so it's updated correctly. The patch looks
> good to me.
>
Thanks, Piotr. Max, my apologies for the sloppy review.
--Juan