odbccp32: Implement SQLGetPrivateProfileStringW/SQLGetPrivateProfileString
Nikolay Sivov
bunglehead at gmail.com
Mon Jul 20 06:12:29 CDT 2015
On 20.07.2015 12:53, Alistair Leslie-Hughes wrote:
> + else
> + {
> + WCHAR name[MAX_PATH];
> + DWORD index = 0;
> + DWORD namelen;
> +
> + usedefault = FALSE;
> +
> + memset(buff, 0, buff_len);
> + namelen = sizeof(name);
> + while (RegEnumValueW(sectionkey, index, name, &namelen, NULL, NULL, NULL, NULL ) == ERROR_SUCCESS)
> + {
> + lstrcpyW(buff+ret, name);
> + ret += namelen+1;
> + namelen = sizeof(name);
> + index++;
> + }
> + }
In this new case you unconditionally write to 'buff' without checking if
you already exceeded 'buff_len'. Also memset of whole buffer looks
suspicious and I don't see anything in tests that proves it.
More information about the wine-devel
mailing list