Hello Alexandre,
2008/5/8 Alexandre Julliard julliard@winehq.org:
"Maarten Lankhorst" m.b.lankhorst@gmail.com writes:
@@ -1970,7 +1970,7 @@ NTSTATUS WINAPI RtlIntegerToUnicodeString( } while (value != 0L);
str->Length = (&buffer[32] - pos) * sizeof(WCHAR);
- if (str->Length >= str->MaximumLength) {
- if (str->Length + sizeof(WCHAR) >= str->MaximumLength) { return STATUS_BUFFER_OVERFLOW; } else { memcpy(str->Buffer, pos, str->Length + sizeof(WCHAR));
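Review bot: The new condition `if (str->Length + sizeof(WCHAR) >= str->MaximumLength)` is off by one: when `str->Length + sizeof(WCHAR)` equals `str->MaximumLength`, the string plus its terminating WCHAR fits the buffer exactly, yet the function returns STATUS_BUFFER_OVERFLOW instead of performing the memcpy of exactly that many bytes. Use `>` rather than `>=` so only a copy that would actually run past MaximumLength is rejected. Also, the hunk header announces one line removed and one added, but both lines are shown with a `-` prefix; the replacement line should carry `+`.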
There's no overflow here. The Windows implementation of RtlIntegerToUnicodeString seems badly confused but I don't think we need to replicate those bugs.
It copies str->Length + sizeof(WCHAR) to the destination buffer according to James' testcases. So it definitely looks like a bug to me if it would copy data beyond MaximumLength, since only up to MaximumLength is guaranteed to be allocated. Of course you're right that my fix is likely wrong, the >= max should probably be changed to > max, otherwise it would return STATUS_BUFFER_OVERFLOW wrongly.
Cheers, Maarten.