[PATCH] msscript.ocx: Avoid buffer overflow when getting the type info.
Gabriel Ivăncescu
gabrielopcode at gmail.com
Mon Sep 23 08:14:12 CDT 2019
On 9/23/19 4:03 PM, Jacek Caban wrote:
> Hi Gabriel,
>
> On 9/23/19 2:53 PM, Gabriel Ivăncescu wrote:
>> @@ -139,6 +139,8 @@ static HRESULT get_typeinfo(tid_t tid, ITypeInfo
>> **typeinfo)
>> {
>> HRESULT hres;
>> + if (tid >= ARRAY_SIZE(typeinfos))
>> + return DISP_E_BADINDEX;
>
>
> This is an internal function, so invalid tid should never happen.
>
>
> Jacek
>
Hi Jacek,
Unless I'm misunderstanding something, it's called from GetTypeInfo,
GetIDsOfNames, Invoke, without any checking on the input. I didn't want
to duplicate the checks in each of them, though.
More information about the wine-devel
mailing list