[PATCH v2 2/2] user32/listbox: Fix InitStorage heap extension

Gabriel Ivăncescu gabrielopcode at gmail.com
Wed Sep 19 10:38:28 CDT 2018


Signed-off-by: Gabriel Ivăncescu <gabrielopcode at gmail.com>
---

v2: Assume LB_ARRAY_GRANULARITY is a power of 2 and note it in the comments.

 dlls/user32/listbox.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/dlls/user32/listbox.c b/dlls/user32/listbox.c
index c8bd148..af325d2 100644
--- a/dlls/user32/listbox.c
+++ b/dlls/user32/listbox.c
@@ -36,7 +36,7 @@
 
 WINE_DEFAULT_DEBUG_CHANNEL(listbox);
 
-/* Items array granularity */
+/* Items array granularity; must be a power of 2 */
 #define LB_ARRAY_GRANULARITY 16
 
 /* Scrolling timeout in ms */
@@ -698,16 +698,18 @@ static LRESULT LISTBOX_InitStorage( LB_DESCR *descr, INT nb_items )
 {
     LB_ITEMDATA *item;
 
-    nb_items += LB_ARRAY_GRANULARITY - 1;
-    nb_items -= (nb_items % LB_ARRAY_GRANULARITY);
     if (descr->items) {
-        nb_items += HeapSize( GetProcessHeap(), 0, descr->items ) / sizeof(*item);
-	item = HeapReAlloc( GetProcessHeap(), 0, descr->items,
-                              nb_items * sizeof(LB_ITEMDATA));
+        nb_items += descr->nb_items;
+        if (nb_items > HeapSize(GetProcessHeap(), 0, descr->items) / sizeof(*item))
+        {
+            UINT n = (nb_items + LB_ARRAY_GRANULARITY - 1) & ~(LB_ARRAY_GRANULARITY - 1);
+            item = HeapReAlloc(GetProcessHeap(), 0, descr->items, n * sizeof(*item));
+        }
+        else return LB_OKAY;
     }
     else {
-	item = HeapAlloc( GetProcessHeap(), 0,
-                              nb_items * sizeof(LB_ITEMDATA));
+        UINT n = (nb_items + LB_ARRAY_GRANULARITY - 1) & ~(LB_ARRAY_GRANULARITY - 1);
+        item = HeapAlloc(GetProcessHeap(), 0, n * sizeof(*item));
     }
 
     if (!item)
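Review bot: `nb_items` is a signed INT that is never range-checked before `nb_items += descr->nb_items`, the rounding `(nb_items + LB_ARRAY_GRANULARITY - 1) & ~(LB_ARRAY_GRANULARITY - 1)` and the `n * sizeof(*item)` multiplication, in both the HeapReAlloc and the HeapAlloc branch. A negative count is converted to a huge unsigned value in the comparison against `HeapSize(...) / sizeof(*item)`, and a very large count can overflow the signed addition or wrap the byte size where SIZE_T is 32 bits, so the block may end up smaller than requested while the call still succeeds. If the count arrives unchecked from the LB_INITSTORAGE message (the caller is not visible here), a guard at the top of the function such as `if (nb_items < 0 || nb_items > 0x7fffffff / (INT)sizeof(*item) - descr->nb_items) return LB_ERRSPACE;` would reject those values before any arithmetic. HeapSize also returns (SIZE_T)-1 on failure, which this comparison would treat as ample capacity and answer with LB_OKAY. The function body continues past the end of the hunk, so how `item` is stored afterwards is not visible.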
-- 
1.9.1



