reg: Fail if the data value passed with REG_DWORD will cause an overflow
Alexandre Julliard
julliard at winehq.org
Fri Feb 19 22:54:49 CST 2016
Hugh McMaster <hugh.mcmaster at outlook.com> writes:
> @@ -243,8 +243,17 @@ static LPBYTE get_regdata(LPWSTR data, DWORD reg_type, WCHAR separator, DWORD *r
> {
> LPWSTR rest;
> DWORD val;
> + BOOL overflow = FALSE;
> + if (data[1] == 'x')
> + {
> + WCHAR *ptr = &data[2];
> + while (*ptr == '0')
> + ptr++;
> + if (strlenW(ptr) > 8)
> + overflow = TRUE;
> + }
> val = strtoulW(data, &rest, (data[1] == 'x') ? 16 : 10);
You won't be able to catch base 10 overflows this way. It probably needs
a more general solution (and some more test cases...)
--
Alexandre Julliard
julliard at winehq.org
More information about the wine-devel
mailing list