Module: wine Branch: master Commit: 3474e3da22c767c2ea3472120f032576733bcdd6 URL: http://source.winehq.org/git/wine.git/?a=commit;h=3474e3da22c767c2ea3472120f...
Author: Andrew Nguyen anguyen@codeweavers.com Date: Sat Apr 16 03:25:15 2011 -0500
winevdm: Fix incorrect heap allocation sizes and possible out-of-bounds access in find_dosbox helper.
---
programs/winevdm/winevdm.c | 10 +++++++--- 1 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/programs/winevdm/winevdm.c b/programs/winevdm/winevdm.c
index ca55d80..0aaf041 100644
--- a/programs/winevdm/winevdm.c
+++ b/programs/winevdm/winevdm.c
@@ -114,11 +114,15 @@ static char *find_dosbox(void)
 const char *envpath = getenv( "PATH" );
 struct stat st;
 char *path, *p, *buffer, *dir;
+ size_t envpath_len;
if (!envpath) return NULL; - path = HeapAlloc( GetProcessHeap(), 0, strlen(envpath) ); - buffer = HeapAlloc( GetProcessHeap(), 0, strlen(path) + sizeof("/dosbox") ); + + envpath_len = strlen( envpath ); + path = HeapAlloc( GetProcessHeap(), 0, envpath_len + 1 ); + buffer = HeapAlloc( GetProcessHeap(), 0, envpath_len + sizeof("/dosbox") ); strcpy( path, envpath ); + p = path; while (*p) { @@ -126,7 +130,7 @@ static char *find_dosbox(void) if (!*p) break; dir = p; while (*p && *p != ':') p++; - *p++ = 0; + if (*p == ':') *p++ = 0; strcpy( buffer, dir ); strcat( buffer, "/dosbox" ); if (!stat( buffer, &st ))
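Review bot: Both `HeapAlloc` results are used without a NULL check: `strcpy( path, envpath )` follows the allocations directly, and `buffer` is written by the `strcpy`/`strcat` pair in the loop below. With flags 0 a failed allocation returns NULL, and the requested size is driven by the length of the PATH environment variable. I would add a guard before the copy that releases whichever block was obtained, e.g. `if (!path || !buffer) { HeapFree( GetProcessHeap(), 0, path ); HeapFree( GetProcessHeap(), 0, buffer ); return NULL; }`. A one-line comment on the `buffer` allocation noting that `sizeof("/dosbox")` already counts the terminating NUL would also make the sizing easier to audit. The body of find_dosbox continues past the end of this hunk.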
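Review bot: `if (!stat( buffer, &st ))` at the end of this hunk treats any filesystem object named `dosbox` as a match, so a directory or a non-executable file in an earlier PATH entry would be picked ahead of the real binary. Since PATH is environment-supplied input, I would narrow the test to a regular, executable file, e.g. `if (!stat( buffer, &st ) && S_ISREG( st.st_mode ) && !access( buffer, X_OK ))` (`access` needs `<unistd.h>` if the file does not already include it). The body of the `if` lies outside the hunk, so this assumes the path is used as-is once the test passes.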