[PATCH v6 2/3] mscoree: Allow loading of registration free .NET COM objects
Vincent Povirk
vincent at codeweavers.com
Tue Nov 13 13:30:06 CST 2018
> > To my knowledge, a .NET class name has no maximum size.
>
> Yeah, but we already had a fixed size buffer for that, so I figured I could leave it like that.
It's OK to have a fixed size buffer, but we need to make sure copying
the class name doesn't overrun the buffer.
> > This also
> > passes in a size for the filename but doesn't fully check it.
>
> What exactly has to be checked?
You append to the path without checking that the string will fit.
More information about the wine-devel
mailing list