14 Nov
2012
14 Nov
'12
10:22 a.m.
On Wed, 2012-11-14 at 09:48 +0100, Stefan Leichter wrote:
+ char buffer[6]; + unsigned int buflen, *size = (unsigned int*) buffer;
- if (len < 9 || !cred_decode( cred + 3, 6, (char *)&size ) || !size || size % sizeof(WCHAR)) + if (len < 9 || !cred_decode( cred + 3, 6, buffer ) || !*size || *size % sizeof(WCHAR))
You're still truncating the decoded size. You should instead make 'size' a ULONGLONG and initialize it to 0. Is this little-endian ARM?