Module: wine Branch: master Commit: 47acaeaea81e566ea0c47dbc34e06acbf257037c URL: http://source.winehq.org/git/wine.git/?a=commit;h=47acaeaea81e566ea0c47dbc34...
Author: Rob Shearman robertshearman@gmail.com Date: Sun Nov 29 10:34:19 2009 +0000
kernel32: Fix uninitialised memory read in GetPrivateProfileStringA if GetPrivateProfileStringW returns 0.
The buffer that was passed into the function will remain uninitialised. Fix reading from this by only reading retW characters from bufferW and manually nul-terminating the string.
---
dlls/kernel32/profile.c | 11 +++++------ 1 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/dlls/kernel32/profile.c b/dlls/kernel32/profile.c
index 5a9bd12..b5f7c0f 100644
--- a/dlls/kernel32/profile.c
+++ b/dlls/kernel32/profile.c
@@ -1173,14 +1173,13 @@ INT WINAPI GetPrivateProfileStringA( LPCSTR section, LPCSTR entry,
 filenameW.Buffer);
 if (len)
 {
- ret = WideCharToMultiByte(CP_ACP, 0, bufferW, retW + 1, buffer, len, NULL, NULL);
- if (!ret)
+ if (retW)
 {
- ret = len - 1;
- buffer[ret] = 0;
+ ret = WideCharToMultiByte(CP_ACP, 0, bufferW, retW, buffer, len - 1, NULL, NULL);
+ if (!ret)
+ ret = len - 1;
 }
- else
- ret--; /* strip terminating 0 */
+ buffer[ret] = 0;
 }
RtlFreeUnicodeString(§ionW);
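Review bot: The final `buffer[ret] = 0;` is only in bounds if `ret` never exceeds `len - 1`, and the hunk does not enforce that when `len` is 1. In that case `len - 1` is 0, which puts WideCharToMultiByte in size-query mode, so it returns the required byte count without writing anything. That path is reached only if GetPrivateProfileStringW can return non-zero for a one-character buffer, which is not visible here, but a guard such as `if (retW && len > 1)` would make the bound local instead of relying on the callee. The `retW == 0` path also depends on `ret` being initialised to 0 and on `buffer` being non-NULL whenever `len` is non-zero. Both are set up outside the hunk, so a short comment above `if (len)` stating those preconditions would help the next reader.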