From: Bernhard Übelacker <bernhardu@mailbox.org> Otherwise the call to WideCharToMultiByte does a lstrlenW, which may overrun the uninitialized destW buffer. --- dlls/setupapi/devinst.c | 3 ++- dlls/setupapi/tests/devinst.c | 7 +++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/dlls/setupapi/devinst.c b/dlls/setupapi/devinst.c index f6bfcc483b0..744b424eb94 100644 --- a/dlls/setupapi/devinst.c +++ b/dlls/setupapi/devinst.c @@ -5287,12 +5287,13 @@ BOOL WINAPI SetupCopyOEMInfA( PCSTR source, PCSTR location, { BOOL ret = FALSE; LPWSTR destW = NULL, sourceW = NULL, locationW = NULL; - DWORD size; + DWORD size = 0; TRACE("%s, %s, %ld, %ld, %p, %ld, %p, %p\n", debugstr_a(source), debugstr_a(location), media_type, style, dest, buffer_size, required_size, component); if (dest && !(destW = MyMalloc( buffer_size * sizeof(WCHAR) ))) return FALSE; + if (destW) destW[0] = L'\0'; if (source && !(sourceW = strdupAtoW( source ))) goto done; if (location && !(locationW = strdupAtoW( location ))) goto done; diff --git a/dlls/setupapi/tests/devinst.c b/dlls/setupapi/tests/devinst.c index 98cec632219..d21a78b36ad 100644 --- a/dlls/setupapi/tests/devinst.c +++ b/dlls/setupapi/tests/devinst.c @@ -4654,6 +4654,13 @@ static void test_copy_oem_inf(struct testsign_context *ctx) ok(!ret, "Got %d.\n", ret); ok(GetLastError() == ERROR_FILE_NOT_FOUND, "Got error %#lx.\n", GetLastError()); + /* try a relative nonexistent SourceInfFileName, with dest parameter */ + memset(dest, 0xcc, sizeof(dest)); + SetLastError(0xdeadbeef); + ret = SetupCopyOEMInfA("nonexistent", NULL, 0, SP_COPY_NOOVERWRITE, dest, sizeof(dest), NULL, NULL); + ok(!ret, "Got %d.\n", ret); + ok(GetLastError() == ERROR_FILE_NOT_FOUND, "Got error %#lx.\n", GetLastError()); + /* try an absolute nonexistent SourceInfFileName */ GetCurrentDirectoryA(sizeof(path), path); strcat(path, "\\nonexistent"); -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/11014