From 34b1412246278ca0f6827ec38033a6345fb6f09d Mon Sep 17 00:00:00 2001
From: Daniel Lehman
Date: Mon, 13 Aug 2018 17:43:38 -0700
Subject: [PATCH 3/5] msvcrt: Don't read past end of string in _strncoll/_wcsncoll.
Signed-off-by: Daniel Lehman
---
 dlls/msvcrt/string.c | 8 +++++++-
 dlls/msvcrt/tests/string.c | 33 +++++++++++++--------------------
 dlls/msvcrt/wcs.c | 8 +++++++-
 3 files changed, 27 insertions(+), 22 deletions(-)
diff --git a/dlls/msvcrt/string.c b/dlls/msvcrt/string.c
index c8cd390688..d3e3c3202c 100644
--- a/dlls/msvcrt/string.c
+++ b/dlls/msvcrt/string.c
@@ -658,6 +658,8 @@ int CDECL MSVCRT__stricoll( const char* str1, const char* str2 )
 int CDECL MSVCRT__strncoll_l( const char* str1, const char* str2, MSVCRT_size_t count, MSVCRT__locale_t locale )
 {
 MSVCRT_pthreadlocinfo locinfo;
+ MSVCRT_size_t len1;
+ MSVCRT_size_t len2;
 if(!locale)
 locinfo = get_locinfo();
@@ -666,7 +668,11 @@ int CDECL MSVCRT__strncoll_l( const char* str1, const char* str2, MSVCRT_size_t
 if(!locinfo->lc_handle[MSVCRT_LC_COLLATE])
 return strncmp(str1, str2, count);
- return CompareStringA(locinfo->lc_handle[MSVCRT_LC_COLLATE], 0, str1, count, str2, count)-CSTR_EQUAL;
+
+ len1 = strlen(str1);
+ len2 = strlen(str2);
+ return CompareStringA(locinfo->lc_handle[MSVCRT_LC_COLLATE], 0,
+ str1, min(count, len1), str2, min(count, len2))-CSTR_EQUAL;
 }
 /*********************************************************************
diff --git a/dlls/msvcrt/tests/string.c b/dlls/msvcrt/tests/string.c
index 1a075b5b33..884c479d77 100644
--- a/dlls/msvcrt/tests/string.c
+++ b/dlls/msvcrt/tests/string.c
@@ -3395,11 +3395,10 @@ static void test__tcsncoll(void)
 const char *str2;
 size_t count;
 int exp;
- BOOL todo;
 };
 static const struct test tests[] = {
 { "English", "ABCD", "ABCD", 4, 0 },
- { "English", "ABCD", "ABCD", 10, 0, TRUE },
+ { "English", "ABCD", "ABCD", 10, 0 },
 { "English", "ABC", "ABCD", 3, 0 },
 { "English", "ABC", "ABCD", 4, -1 },
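Review bot: The added `strlen(str1)` and `strlen(str2)` in `MSVCRT__strncoll_l` (second dlls/msvcrt/string.c hunk) scan to the terminating NUL regardless of `count`, so a caller whose buffer holds `count` characters with no NUL inside that range — which the `strncmp` fallback just above tolerates — is now read past its end. A scan bounded by `count` keeps the fix for short strings without that over-read, e.g. `str1, MSVCRT_strnlen(str1, count), str2, MSVCRT_strnlen(str2, count)` if that helper is reachable from this file, and makes the `len1`/`len2` locals from the first hunk unnecessary. The `strlenW` calls in `MSVCRT__wcsncoll_l` in dlls/msvcrt/wcs.c have the same problem and want the wide-character equivalent. Separately, `min(count, len1)` is an `MSVCRT_size_t` passed where `CompareStringA` appears to take an `int` length, so an explicit clamp before the call would avoid silent truncation for very large values.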
@@ -3442,15 +3441,12 @@ static void test__tcsncoll(void)
 strcpy(str2, tests[i].str2);
 ret = _strncoll(str1, str2, tests[i].count);
- todo_wine_if(tests[i].todo)
- {
- if (!tests[i].exp)
- ok(!ret, "expected 0, got %d for %s, %s, %d\n", ret, str1, str2, (int)tests[i].count);
- else if (tests[i].exp < 0)
- ok(ret < 0, "expected < 0, got %d for %s, %s, %d\n", ret, str1, str2, (int)tests[i].count);
- else
- ok(ret > 0, "expected > 0, got %d for %s, %s, %d\n", ret, str1, str2, (int)tests[i].count);
- }
+ if (!tests[i].exp)
+ ok(!ret, "expected 0, got %d for %s, %s, %d\n", ret, str1, str2, (int)tests[i].count);
+ else if (tests[i].exp < 0)
+ ok(ret < 0, "expected < 0, got %d for %s, %s, %d\n", ret, str1, str2, (int)tests[i].count);
+ else
+ ok(ret > 0, "expected > 0, got %d for %s, %s, %d\n", ret, str1, str2, (int)tests[i].count);
 memset(str1W, 0xee, sizeof(str1W));
 len = mbstowcs(str1W, str1, ARRAY_SIZE(str1W));
@@ -3461,15 +3457,12 @@ static void test__tcsncoll(void)
 str2W[len] = 0;
 ret = _wcsncoll(str1W, str2W, tests[i].count);
- todo_wine_if(tests[i].todo)
- {
- if (!tests[i].exp)
- ok(!ret, "expected 0, got %d for %s, %s, %d\n", ret, str1, str2, (int)tests[i].count);
- else if (tests[i].exp < 0)
- ok(ret < 0, "expected < 0, got %d for %s, %s, %d\n", ret, str1, str2, (int)tests[i].count);
- else
- ok(ret > 0, "expected > 0, got %d for %s, %s, %d\n", ret, str1, str2, (int)tests[i].count);
- }
+ if (!tests[i].exp)
+ ok(!ret, "expected 0, got %d for %s, %s, %d\n", ret, str1, str2, (int)tests[i].count);
+ else if (tests[i].exp < 0)
+ ok(ret < 0, "expected < 0, got %d for %s, %s, %d\n", ret, str1, str2, (int)tests[i].count);
+ else
+ ok(ret > 0, "expected > 0, got %d for %s, %s, %d\n", ret, str1, str2, (int)tests[i].count);
 }
 }
diff --git a/dlls/msvcrt/wcs.c b/dlls/msvcrt/wcs.c
index ed73fc6163..43b66e89ef 100644
--- a/dlls/msvcrt/wcs.c
+++ b/dlls/msvcrt/wcs.c
@@ -327,6 +327,8 @@ int CDECL MSVCRT__wcsncoll_l(const MSVCRT_wchar_t* str1, const MSVCRT_wchar_t* s
 MSVCRT_size_t count, MSVCRT__locale_t locale)
 {
 MSVCRT_pthreadlocinfo locinfo;
+ MSVCRT_size_t len1;
+ MSVCRT_size_t len2;
 if(!locale)
 locinfo = get_locinfo();
@@ -335,7 +337,11 @@ int CDECL MSVCRT__wcsncoll_l(const MSVCRT_wchar_t* str1, const MSVCRT_wchar_t* s
 if(!locinfo->lc_handle[MSVCRT_LC_COLLATE])
 return strncmpW(str1, str2, count);
- return CompareStringW(locinfo->lc_handle[MSVCRT_LC_COLLATE], 0, str1, count, str2, count)-CSTR_EQUAL;
+
+ len1 = strlenW(str1);
+ len2 = strlenW(str2);
+ return CompareStringW(locinfo->lc_handle[MSVCRT_LC_COLLATE], 0,
+ str1, min(count, len1), str2, min(count, len2))-CSTR_EQUAL;
 }
 /*********************************************************************
-- 2.17.0