Module: wine Branch: master Commit: cd2e053237bc0dfb3e9ddc074426b3eefb124389 URL: https://source.winehq.org/git/wine.git/?a=commit;h=cd2e053237bc0dfb3e9ddc074...
Author: Zebediah Figura z.figura12@gmail.com Date: Sun Mar 22 19:11:29 2020 -0500
ntdll: Fix the overflow check in read_changes_apc().
Signed-off-by: Zebediah Figura z.figura12@gmail.com Signed-off-by: Alexandre Julliard julliard@winehq.org
---
dlls/ntdll/file.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/dlls/ntdll/file.c b/dlls/ntdll/file.c index 5175e9d5ce..5b60c887e2 100644 --- a/dlls/ntdll/file.c +++ b/dlls/ntdll/file.c @@ -1768,16 +1768,17 @@ static NTSTATUS read_changes_apc( void *user, IO_STATUS_BLOCK *iosb, NTSTATUS st
while (size && left >= sizeof(*pfni)) { + DWORD len = (left - offsetof(FILE_NOTIFY_INFORMATION, FileName)) / sizeof(WCHAR); + /* convert to an NT style path */ for (i = 0; i < event->len; i++) if (event->name[i] == '/') event->name[i] = '\';
pfni->Action = event->action; - pfni->FileNameLength = ntdll_umbstowcs( event->name, event->len, pfni->FileName, - (left - offsetof(FILE_NOTIFY_INFORMATION, FileName)) / sizeof(WCHAR)); + pfni->FileNameLength = ntdll_umbstowcs( event->name, event->len, pfni->FileName, len ); last_entry_offset = &pfni->NextEntryOffset;
- if (pfni->FileNameLength == -1 || pfni->FileNameLength == -2) break; + if (pfni->FileNameLength == len) break;
i = offsetof(FILE_NOTIFY_INFORMATION, FileName[pfni->FileNameLength]); pfni->FileNameLength *= sizeof(WCHAR);