[1/4] regedit: Fix a buffer allocation in export_registry_key().
Francois Gouget
fgouget at codeweavers.com
Thu Nov 20 13:41:04 CST 2008
This fixes a major buffer overflow bug in 'regedit /E'.
---
programs/regedit/regproc.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/programs/regedit/regproc.c b/programs/regedit/regproc.c
index c070ab0..6d04a44 100644
--- a/programs/regedit/regproc.c
+++ b/programs/regedit/regproc.c
@@ -1239,7 +1239,7 @@ BOOL export_registry_key(WCHAR *file_name, WCHAR *reg_key_name, DWORD format)
val_name_buf = HeapAlloc(GetProcessHeap(), 0,
val_name_size * sizeof(*val_name_buf));
val_buf = HeapAlloc(GetProcessHeap(), 0, val_size);
- line_buf = HeapAlloc(GetProcessHeap(), 0, line_buf_size);
+ line_buf = HeapAlloc(GetProcessHeap(), 0, line_buf_size * sizeof(*line_buf));
CHECK_ENOUGH_MEMORY(reg_key_name_buf && val_name_buf && val_buf && line_buf);
if (reg_key_name && reg_key_name[0]) {
--
1.5.6.5
More information about the wine-patches
mailing list