[PATCH] xmllite: Avoid out of bounds access in readerinput_get_utf8_convlen().
Nikolay Sivov
nsivov at codeweavers.com
Thu Apr 15 04:16:01 CDT 2021
On 4/14/21 3:48 PM, Paul Gofman wrote:
> @@ -1069,6 +1072,9 @@ static HRESULT reader_more(xmlreader *reader)
>
> /* get some raw data from stream first */
> hr = readerinput_growraw(readerinput);
> + if (!src->written)
> + return hr ? hr : MX_E_INPUTEND;
> +
> len = readerinput_get_convlen(readerinput);
> prev_len = dest->written / sizeof(WCHAR);
I think it's safe to move this to growraw() directly, checking for
resulting buffer->written there.
More information about the wine-devel
mailing list