[PATCH 0/1] MR2363: Update dlls/ntdll/wcstring.c
LPWSTR __cdecl wcsncpy( LPWSTR s1, LPCWSTR s2, size_t n )
{
    WCHAR *ret = s1;
    /* When encountering 0, the loop breaks out directly, but the s1 pointer has
     * already been incremented (++), which leads to a memory overflow in the second for loop */
    for ( ; n; n--) if (!(*s1++ = *s2++)) break;
    for ( ; n; n--) *s1++ = 0;
    return ret;
}
-- https://gitlab.winehq.org/wine/wine/-/merge_requests/2363
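The off-by-one described in this cover letter, as an added example that is not part of the merge request: the two loop variants quoted in the thread are run against a destination followed by guard values, so the extra write can be counted without leaving the array. The names `overrun`, `GUARD`, `MAXN`, `sample_ab`, the `_before`/`_after` suffixes and the 16-bit `WCHAR` typedef are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint16_t WCHAR;                      /* assumption: 16-bit WCHAR */
typedef WCHAR *(*copy_fn)(WCHAR *, const WCHAR *, size_t);
enum { GUARD = 0xBEEF, MAXN = 8 };           /* example-only constants */
static const WCHAR sample_ab[] = { 'a', 'b', 0 };   /* constructed input */

/* Loop from the cover letter: on break, n still counts the terminator slot. */
static WCHAR *wcsncpy_before(WCHAR *s1, const WCHAR *s2, size_t n)
{
    WCHAR *ret = s1;
    for ( ; n; n--) if (!(*s1++ = *s2++)) break;
    for ( ; n; n--) *s1++ = 0;
    return ret;
}

/* Loop from the patch: the terminator slot is accounted for before break. */
static WCHAR *wcsncpy_after(WCHAR *s1, const WCHAR *s2, size_t n)
{
    WCHAR *ret = s1;
    for ( ; n; n--) {
        if (!(*s1++ = *s2++)) {
            n--;
            break;
        }
    }
    for ( ; n; n--) *s1++ = 0;
    return ret;
}

/* Copy into the first n slots of an oversized array and count the guard
 * slots at index n and beyond that fn overwrote; nothing leaves buf. */
static int overrun(copy_fn fn, const WCHAR *src, size_t n)
{
    WCHAR buf[MAXN + 2];
    int hit = 0;
    if (n > MAXN) return -1;
    for (size_t i = 0; i < MAXN + 2; i++) buf[i] = GUARD;
    fn(buf, src, n);
    for (size_t i = n; i < MAXN + 2; i++) if (buf[i] != GUARD) hit++;
    return hit;
}

int main(void)
{
    printf("before=%d after=%d\n", overrun(wcsncpy_before, sample_ab, 4),
           overrun(wcsncpy_after, sample_ab, 4));
    return 0;
}
```

The overrun is always exactly one WCHAR and appears only when the source is shorter than `n`; when no terminator is found within `n` characters both variants stay in bounds.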
From: li wenzhe <584592187(a)qq.com> --- dlls/ntdll/wcstring.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/dlls/ntdll/wcstring.c b/dlls/ntdll/wcstring.c index aa43c3de16b..96c51bd960f 100644 --- a/dlls/ntdll/wcstring.c +++ b/dlls/ntdll/wcstring.c @@ -353,7 +353,12 @@ int __cdecl wcsncmp( LPCWSTR str1, LPCWSTR str2, size_t n ) LPWSTR __cdecl wcsncpy( LPWSTR s1, LPCWSTR s2, size_t n ) { WCHAR *ret = s1; - for ( ; n; n--) if (!(*s1++ = *s2++)) break; + for ( ; n; n--) { + if (!(*s1++ = *s2++)) { + n--; + break; + } + } for ( ; n; n--) *s1++ = 0; return ret; } -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/2363
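Review bot: The `n--;` added before `break` in the first loop of wcsncpy has no comment explaining it, and the reason is easy to miss: `break` skips the loop's own `n--`, so the terminator that was just stored would otherwise still be counted and the padding loop `for ( ; n; n--) *s1++ = 0;` would store one WCHAR past the n-th slot. Either add a one-line comment at that spot, or remove the special case by copying only non-zero characters, e.g. `while (n && *s2) { *s1++ = *s2++; n--; }`, and letting the existing padding loop write the terminator along with the remaining zeros. The patch also has no commit message between the From line and the diffstat; it should state that this fixes a one-character write past the destination when the source is shorter than n. A test that copies a short string into a buffer followed by a guard value would keep this from regressing.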
Solve wcsncpy memory write overflow -- https://gitlab.winehq.org/wine/wine/-/merge_requests/2363#note_26590
Hi, Wenzhe, it would be better to use correct case for your name. "Wenzhe Li" or "Li Wenzhe" I think. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/2363#note_26609
Yeah, it has been changed to Li Wenzhe -- https://gitlab.winehq.org/wine/wine/-/merge_requests/2363#note_26959
participants (4): li wenzhe, Li Wenzhe (@chrisli), li wenzhe (@chrisli), Ziqing Hui (@zhui)