cabinet: Fix overrun of static array (Coverity)

Andrew Talbot Andrew.Talbot at talbotville.com
Wed Jan 24 13:50:05 CST 2007


This patch is aimed at fixing Coverity CID-297. The existing code writes
52 values to a 51-value array. The patch code only writes the first 51.

Please let me know what is wrong with this patch.

Thanks,

-- Andy.
---
Changelog:
    cabinet: Fix overrun of static array (Coverity).

diff -urN a/dlls/cabinet/fdi.c b/dlls/cabinet/fdi.c
--- a/dlls/cabinet/fdi.c	2007-01-10 12:33:55.000000000 +0000
+++ b/dlls/cabinet/fdi.c	2007-01-24 19:43:10.000000000 +0000
@@ -882,9 +882,15 @@
   LZX(window_size) = wndsize;
 
   /* initialize static tables */
-  for (i=0, j=0; i <= 50; i += 2) {
-    CAB(extra_bits)[i] = CAB(extra_bits)[i+1] = j; /* 0,0,0,0,1,1,2,2,3,3... */
-    if ((i != 0) && (j < 17)) j++; /* 0,0,1,2,3,4...15,16,17,17,17,17... */
+    /* CAB(extra_bits)[] = 0,0,0,0,1,1,2,2,3,3,...,16,16,17,17,17,17,...,17 */
+  for (i = 0; i <= 50; i++) {
+    if (i < 2) {
+      CAB(extra_bits)[i] = 0;
+    }
+    else {
+      j = (i - 2) >> 1;
+      CAB(extra_bits)[i] = j <= 17 ? j : 17;
+    }
   }
   for (i=0, j=0; i <= 50; i++) {
     CAB(lzx_position_base)[i] = j; /* 0,1,2,3,4,6,8,12,16,24,32,... */



More information about the wine-patches mailing list