comdlg32: check for overflow before dereferencing (resend)
Pierre Schweitzer
pierre at reactos.org
Sun May 1 14:32:16 CDT 2016
Le 01/05/2016 17:49, Sebastian Lackner a écrit :
> On 01.05.2016 17:30, Pierre Schweitzer wrote:
>> - while ((lpstrEdit[nStrCharCount]!='"') && (nStrCharCount <= nStrLen))
>> + while ((nStrCharCount <= nStrLen) && (lpstrEdit[nStrCharCount]!='"'))
>
> The change looks correct, but while you are just it, you might also want to fix
> the operator here. It probably should be <, otherwise the loop will also copy
> the terminating \0 character. Same for the comparison a couple of lines above.
>
Hum. Indeed.
But given the side effects the proposed can have (off-by-one bugs are
rather nasty). I'd rather do it in a second commit. Unless you want all
in one Alexandre?
Thanks for the review!
--
Pierre Schweitzer <pierre at reactos.org>
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3960 bytes
Desc: Signature cryptographique S/MIME
URL: <http://www.winehq.org/pipermail/wine-devel/attachments/20160501/0229c5b0/attachment.bin>
More information about the wine-devel
mailing list