[PATCH] d3dxof: fixed potential 1 byte overwrite (coverity)
Marcus Meissner
marcus at jet.franken.de
Thu Oct 30 18:05:50 CDT 2008
Hi,
Coverity CID 811, tmp[pos] could be called with pos 32,
aka sizeof(tmp). Check for it. (I leave out the
tmp[sizeof(tmp)-1] = 0 in the else case, its too ugly.)
Ciao, Marcus
---
dlls/d3dxof/d3dxof.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/dlls/d3dxof/d3dxof.c b/dlls/d3dxof/d3dxof.c
index ca4eb73..0c06eb1 100644
--- a/dlls/d3dxof/d3dxof.c
+++ b/dlls/d3dxof/d3dxof.c
@@ -650,7 +650,7 @@ static BOOL is_string(parse_buffer* buf)
return FALSE;
tmp[0] = '"';
- while (!is_separator(c = *(buf->buffer+pos)) && (pos < 32))
+ while (!is_separator(c = *(buf->buffer+pos)) && (pos < sizeof(tmp)))
{
tmp[pos++] = c;
if (c == '"')
@@ -659,7 +659,8 @@ static BOOL is_string(parse_buffer* buf)
break;
}
}
- tmp[pos] = 0;
+ if (pos < sizeof(tmp))
+ tmp[pos] = 0;
if (!ok)
{
--
1.5.6
More information about the wine-patches
mailing list