[PATCH] avoid 1 byte overflow

Marcus Meissner marcus at jet.franken.de
Sun Feb 18 13:12:15 CST 2007


Hi,

Coverity spotted this too. CID 311.
cmd might just be returned as 256 WCHAR entry.

Ciao, Marcus
---
 dlls/shell32/shlexec.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/dlls/shell32/shlexec.c b/dlls/shell32/shlexec.c
index 63bda87..28bd6a0 100644
--- a/dlls/shell32/shlexec.c
+++ b/dlls/shell32/shlexec.c
@@ -897,6 +897,8 @@ static UINT_PTR execute_from_key(LPWSTR
 
         /* Is there a replace() function anywhere? */
         cmdlen /= sizeof(WCHAR);
+	if (cmdlen >= sizeof(cmd)/sizeof(WCHAR))
+	    cmdlen--;
         cmd[cmdlen] = '\0';
         if (!SHELL_ArgifyW(param, sizeof(param)/sizeof(WCHAR), cmd, lpFile, psei->lpIDList, szCommandline, &resultLen))
         {
-- 
1.4.3.4



More information about the wine-patches mailing list