[PATCH] ole32: allocate more for FmtIdToPropStgName (Coverity)

Sat Jun 18 02:58:09 CDT 2016

713214 Out-of-bounds access
713213 Out-of-bounds access
713212 Out-of-bounds access

This is tricky. The define is for 31 characters. The MSDN page for
FmtIdToPropStgName however says
"The array allocated for this string must be at least CCH_MAX_PROPSTG_NAME (32) characters in length."

I left the define as-is, as google finds only 31 values.

Signed-off-by: Marcus Meissner <marcus at jet.franken.de>
---
 dlls/ole32/stg_prop.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/dlls/ole32/stg_prop.c b/dlls/ole32/stg_prop.c
index 8e1aaef..a259883 100644
--- a/dlls/ole32/stg_prop.c
+++ b/dlls/ole32/stg_prop.c
@@ -2178,7 +2178,7 @@ static HRESULT WINAPI IPropertySetStorage_fnCreate(
     IPropertyStorage** ppprstg)
 {
     StorageImpl *This = impl_from_IPropertySetStorage(ppstg);
-    WCHAR name[CCH_MAX_PROPSTG_NAME];
+    WCHAR name[CCH_MAX_PROPSTG_NAME + 1];
     IStream *stm = NULL;
     HRESULT r;
 
@@ -2236,7 +2236,7 @@ static HRESULT WINAPI IPropertySetStorage_fnOpen(
 {
     StorageImpl *This = impl_from_IPropertySetStorage(ppstg);
     IStream *stm = NULL;
-    WCHAR name[CCH_MAX_PROPSTG_NAME];
+    WCHAR name[CCH_MAX_PROPSTG_NAME + 1];
     HRESULT r;
 
     TRACE("%p %s %08x %p\n", This, debugstr_guid(rfmtid), grfMode, ppprstg);
@@ -2280,7 +2280,7 @@ static HRESULT WINAPI IPropertySetStorage_fnDelete(
     REFFMTID rfmtid)
 {
     StorageImpl *This = impl_from_IPropertySetStorage(ppstg);
-    WCHAR name[CCH_MAX_PROPSTG_NAME];
+    WCHAR name[CCH_MAX_PROPSTG_NAME + 1];
     HRESULT r;
 
     TRACE("%p %s\n", This, debugstr_guid(rfmtid));
-- 
2.8.4


