Module: wine Branch: master Commit: caa301a73670d49a4553faab165d65f44c315693 URL: http://source.winehq.org/git/wine.git/?a=commit;h=caa301a73670d49a4553faab16...
Author: Marcus Meissner marcus@jet.franken.de Date: Fri Nov 24 08:45:57 2006 +0100
oleaut32: Protect against integer overflow in SysAllocStringLen.
---
dlls/oleaut32/oleaut.c | 8 ++++++-- 1 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/dlls/oleaut32/oleaut.c b/dlls/oleaut32/oleaut.c index 8ffdc72..d6a08a9 100644 --- a/dlls/oleaut32/oleaut.c +++ b/dlls/oleaut32/oleaut.c @@ -20,6 +20,7 @@
#include <stdarg.h> #include <string.h> +#include <limits.h>
#define COBJMACROS
@@ -217,6 +218,9 @@ BSTR WINAPI SysAllocStringLen(const OLEC DWORD* newBuffer; WCHAR* stringBuffer;
+ /* Detect integer overflow. */ + if (len >= ((UINT_MAX-sizeof(WCHAR)-sizeof(DWORD))/sizeof(WCHAR))) + return NULL; /* * Find the length of the buffer passed-in, in bytes. */ @@ -234,8 +238,8 @@ BSTR WINAPI SysAllocStringLen(const OLEC /* * If the memory allocation failed, return a null pointer. */ - if (newBuffer==0) - return 0; + if (!newBuffer) + return NULL;
/* * Copy the length of the string in the placeholder.