Module: wine Branch: master Commit: 8418115edfc785242c16ba1eca5c5a14f6e663b9 URL: http://source.winehq.org/git/wine.git/?a=commit;h=8418115edfc785242c16ba1eca... Author: Alexandre Julliard <julliard(a)winehq.org> Date: Fri Oct 12 11:21:14 2012 +0200 setupapi: Fix buffer overflow in load_fake_dll. Found by Daniel Lehman. --- dlls/setupapi/fakedll.c | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/dlls/setupapi/fakedll.c b/dlls/setupapi/fakedll.c index 645b7e8..7393e40 100644 --- a/dlls/setupapi/fakedll.c +++ b/dlls/setupapi/fakedll.c @@ -394,13 +394,13 @@ static void *load_fake_dll( const WCHAR *name, SIZE_T *size ) if ((p = strrchrW( name, '\\' ))) name = p + 1; i = 0; - if (build_dir) maxlen = strlen(build_dir) + sizeof("/programs/") + strlenW(name); + len = strlenW( name ); + if (build_dir) maxlen = strlen(build_dir) + sizeof("/programs/") + len; while ((path = wine_dll_enum_load_path( i++ ))) maxlen = max( maxlen, strlen(path) ); - maxlen += sizeof("/fakedlls") + strlenW(name) + 2; + maxlen += sizeof("/fakedlls") + len + sizeof(".fake"); if (!(file = HeapAlloc( GetProcessHeap(), 0, maxlen ))) return NULL; - len = strlenW( name ); pos = maxlen - len - sizeof(".fake"); if (!dll_name_WtoA( file + pos, name, len )) goto done; file[--pos] = '/';