Module: wine Branch: master Commit: caa301a73670d49a4553faab165d65f44c315693 URL: http://source.winehq.org/git/wine.git/?a=commit;h=caa301a73670d49a4553faab16... Author: Marcus Meissner <marcus(a)jet.franken.de> Date: Fri Nov 24 08:45:57 2006 +0100 oleaut32: Protect against integer overflow in SysAllocStringLen. --- dlls/oleaut32/oleaut.c | 8 ++++++-- 1 files changed, 6 insertions(+), 2 deletions(-) diff --git a/dlls/oleaut32/oleaut.c b/dlls/oleaut32/oleaut.c index 8ffdc72..d6a08a9 100644 --- a/dlls/oleaut32/oleaut.c +++ b/dlls/oleaut32/oleaut.c @@ -20,6 +20,7 @@ #include <stdarg.h> #include <string.h> +#include <limits.h> #define COBJMACROS @@ -217,6 +218,9 @@ BSTR WINAPI SysAllocStringLen(const OLEC DWORD* newBuffer; WCHAR* stringBuffer; + /* Detect integer overflow. */ + if (len >= ((UINT_MAX-sizeof(WCHAR)-sizeof(DWORD))/sizeof(WCHAR))) + return NULL; /* * Find the length of the buffer passed-in, in bytes. */ @@ -234,8 +238,8 @@ BSTR WINAPI SysAllocStringLen(const OLEC /* * If the memory allocation failed, return a null pointer. */ - if (newBuffer==0) - return 0; + if (!newBuffer) + return NULL; /* * Copy the length of the string in the placeholder.