[PATCH] advapi32: Fixed NULL ptr deref in QueryServiceConfig2A (Coverity)
Marcus Meissner
marcus at jet.franken.de
Sat Jan 31 04:40:02 CST 2009
Hi,
CID 823, buffer is expected to be NULL occasionly.
Ciao, Marcus
---
dlls/advapi32/service.c | 8 +++++---
1 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/dlls/advapi32/service.c b/dlls/advapi32/service.c
index a107397..27b6c7a 100644
--- a/dlls/advapi32/service.c
+++ b/dlls/advapi32/service.c
@@ -1365,9 +1365,10 @@ BOOL WINAPI QueryServiceConfig2A(SC_HANDLE hService, DWORD dwLevel, LPBYTE buffe
switch(dwLevel) {
case SERVICE_CONFIG_DESCRIPTION:
- { LPSERVICE_DESCRIPTIONA configA = (LPSERVICE_DESCRIPTIONA) buffer;
+ if (buffer && bufferW) {
+ LPSERVICE_DESCRIPTIONA configA = (LPSERVICE_DESCRIPTIONA) buffer;
LPSERVICE_DESCRIPTIONW configW = (LPSERVICE_DESCRIPTIONW) bufferW;
- if (configW->lpDescription) {
+ if (configW->lpDescription && (size > sizeof(SERVICE_DESCRIPTIONA))) {
DWORD sz;
configA->lpDescription = (LPSTR)(configA + 1);
sz = WideCharToMultiByte( CP_ACP, 0, configW->lpDescription, -1,
@@ -1380,10 +1381,11 @@ BOOL WINAPI QueryServiceConfig2A(SC_HANDLE hService, DWORD dwLevel, LPBYTE buffe
}
else configA->lpDescription = NULL;
}
- break;
+ break;
default:
FIXME("conversation W->A not implemented for level %d\n", dwLevel);
ret = FALSE;
+ break;
}
cleanup:
--
1.5.6
More information about the wine-patches
mailing list