Hi Hans,
- size = (lstrlenW(value) + 1 + size) * sizeof(WCHAR); + size += (lstrlenW(value) + 1) * sizeof(WCHAR);
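Review bot: the added `size += (lstrlenW(value) + 1) * sizeof(WCHAR);` line is only correct if size is already a byte count when this statement runs, and nothing in the hunk shows that. A short comment stating the unit of size would help here. Alternatively, keep a character count throughout and multiply by sizeof(WCHAR) once at the allocation. Separately, value is passed to lstrlenW on this line with no NULL check, while the condition quoted from line 5034 in this thread tests `!value`. Either confirm this path cannot be reached with a NULL value or guard it.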
I don't see how you're avoiding accessing uninitialized memory here. Could you enlighten me?
I think it's complaining about value, by the way, which could be NULL according to line 5034:
    if (flags & ENV_ACT_REMOVEMATCH && (!value || !lstrcmpW(data, value)))
--Juan
On Wednesday 21 October 2009 17:22:08 Juan Lang wrote:
size is calculated in bytes before this line but multiplied by sizeof(WCHAR) here, so the allocation that follows is too large. The buffer is not fully written to but size is passed unchanged to RegSetValueExW, which tests the end of the buffer for a terminating null.
-Hans