Michael Günnewig wrote:
Changelog: Fixed use of uninitialized memory and wrong buffer size (found by valgrind).
Michael
--- dlls/avifil32/api.c.SAV 2003-09-20 16:14:45.000000000 +0200 +++ dlls/avifil32/api.c 2003-09-20 14:46:10.000000000 +0200 @@ -1009,7 +1009,7 @@ szFilter[0] = 0; szFilter[1] = 0;
- wszFilter = (LPWSTR)GlobalAllocPtr(GHND, cbFilter);
- wszFilter = (LPWSTR)GlobalAllocPtr(GHND, cbFilter * sizeof(WCHAR)); if (wszFilter == NULL) return AVIERR_MEMORY;
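Review bot: The size argument "cbFilter * sizeof(WCHAR)" in the changed GlobalAllocPtr call is multiplied with no upper bound on cbFilter, so if cbFilter can grow large the product may wrap and the buffer would end up smaller than the code filling it expects. Suggest checking cbFilter against the allocator's maximum size divided by sizeof(WCHAR) before the call and returning AVIERR_MEMORY when it does not fit, alongside the existing NULL check. The "cb" prefix also reads as a byte count while the value is scaled here as a character count; a comment or rename would make the unit explicit.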
What are we doing to prevent integer overflow on these allocations? Shouldn't we, perhaps, use some wrapper that checks that "cbFilter*sizeof(WCHAR)" is not greater than "MAXINT"?
Shachar
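A wrapper of the kind asked about in the reply above, as an added example that is not part of the original thread or of Wine's code. The names checked_mul_size, alloc_wide_buffer and wchar16 are hypothetical, calloc stands in for GlobalAllocPtr(GHND, ...), and the INT_MAX ceiling follows the "MAXINT" suggestion.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: stand-in for the 16-bit Windows WCHAR so this builds anywhere. */
typedef uint16_t wchar16;

/* Hypothetical helper: stores count * elem_size in *out and returns 0, or
 * returns -1 if the product would exceed limit (and so could wrap). */
static int checked_mul_size(size_t count, size_t elem_size, size_t limit,
                            size_t *out)
{
    /* Divide instead of multiplying: the test itself can never overflow. */
    if (elem_size != 0 && count > limit / elem_size)
        return -1;
    *out = count * elem_size;
    return 0;
}

/* Hypothetical wrapper: zero-filled buffer for cch wide characters, or NULL
 * when cch is 0, the byte size exceeds INT_MAX, or memory runs out.
 * calloc stands in for GlobalAllocPtr(GHND, ...), which also zero-fills. */
static wchar16 *alloc_wide_buffer(size_t cch)
{
    size_t cb;

    if (cch == 0 || checked_mul_size(cch, sizeof(wchar16), INT_MAX, &cb) != 0)
        return NULL;
    return calloc(1, cb);
}

int main(void)
{
    /* Constructed sample sizes: one ordinary, two that must be refused. */
    size_t sizes[] = { 260, (size_t)INT_MAX, SIZE_MAX / 2 + 1 };

    for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
        wchar16 *buf = alloc_wide_buffer(sizes[i]);
        printf("%zu characters: %s\n", sizes[i], buf ? "allocated" : "refused");
        free(buf);
    }
    return 0;
}
```

A caller in the position of the patched code would map a NULL return to its existing out-of-memory error path.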