[PATCH] user32: Fix a potential buffer overflow.

Fri Apr 21 09:07:31 CDT 2017

Signed-off-by: Huw Davies <huw at codeweavers.com>
---
 dlls/user32/sysparams.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dlls/user32/sysparams.c b/dlls/user32/sysparams.c
index 63c4ffe070..67b052e7f7 100644
--- a/dlls/user32/sysparams.c
+++ b/dlls/user32/sysparams.c
@@ -548,7 +548,7 @@ static DWORD load_entry( struct sysparam_entry *entry, void *data, DWORD size )
         if (RegQueryValueExW( base_key, entry->regval + 1, NULL, &type, data, &count )) count = 0;
     }
     /* make sure strings are null-terminated */
-    if (size && count == size && type == REG_SZ) ((WCHAR *)data)[count - 1] = 0;
+    if (size && count == size && type == REG_SZ) ((WCHAR *)data)[count / sizeof(WCHAR) - 1] = 0;
     entry->loaded = TRUE;
     return count;
 }
-- 
2.12.0


