"Nikolay Sivov" <bunglehead@gmail.com> wrote:
Reported as http://bugs.winehq.org/show_bug.cgi?id=19819
Changelog: - prevent possible buffer overrun
- while (!(*lpSrc>>index & 0x0001) && index<MAXTCIINDEX) index++;
while (index < MAXTCIINDEX && !(*lpSrc>>index & 0x0001)) index++;
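Review bot: the changelog says "prevent possible buffer overrun", but neither the removed nor the added `while` line indexes an array: both only shift `*lpSrc` and compare `index` with `MAXTCIINDEX`. The commit message should name the access that overruns. The new line would also read more clearly with the shift parenthesised, `!((*lpSrc >> index) & 0x0001)`, so the precedence of `>>` over `&` is explicit.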
'index >= MAXTCIINDEX' won't trigger in that case:
if (index >= MAXTCIINDEX || FONT_tci[index].ciCharset == DEFAULT_CHARSET) return FALSE;
It would be simpler IMO to add one more item to FONT_tci[] instead.
Dmitry Timoshkov wrote:
"Nikolay Sivov" <bunglehead@gmail.com> wrote:
Reported as http://bugs.winehq.org/show_bug.cgi?id=19819
Changelog: - prevent possible buffer overrun
- while (!(*lpSrc>>index & 0x0001) && index<MAXTCIINDEX) index++;
while (index < MAXTCIINDEX && !(*lpSrc>>index & 0x0001)) index++;
'index >= MAXTCIINDEX' won't trigger in that case:
if (index >= MAXTCIINDEX || FONT_tci[index].ciCharset == DEFAULT_CHARSET) return FALSE;
You're right, it breaks this path.
It would be simpler IMO to add one more item to FONT_tci[] instead.
Ok.
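
The "one more item" idea from the thread, combined with the bound-first loop from the patch, as an added example that is not Wine's code and not part of the original messages. `table`, `TABLE_BITS`, `CHARSET_UNUSED`, `first_set_bit` and `lookup` are hypothetical names, and the 32-bit mask width and the table contents are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins, not Wine's definitions. */
#define TABLE_BITS     32u   /* assumed: one table slot per mask bit */
#define CHARSET_UNUSED 0     /* constructed sentinel value */

struct charset_entry { int charset; unsigned codepage; };

/* TABLE_BITS real slots plus one sentinel slot at index TABLE_BITS.
 * Slots not listed are zero-initialised, i.e. CHARSET_UNUSED. */
static const struct charset_entry table[TABLE_BITS + 1] = {
    [0] = { 10, 1252 },                     /* constructed sample data */
    [1] = { 11, 1250 },
    [2] = { 12, 1251 },
    [TABLE_BITS] = { CHARSET_UNUSED, 0 },   /* the "one more item" */
};

/* Index of the lowest set bit, or TABLE_BITS when mask is 0.
 * The bound is tested first, so the shift count stays below 32;
 * shifting a 32-bit value by 32 is undefined behaviour in C. */
static unsigned first_set_bit(uint32_t mask)
{
    unsigned index = 0;
    while (index < TABLE_BITS && !((mask >> index) & 1u)) index++;
    return index;
}

/* Returns 1 and fills *out on a hit, 0 otherwise. index is at most
 * TABLE_BITS and that slot exists, so the read is always in bounds. */
static int lookup(uint32_t mask, struct charset_entry *out)
{
    unsigned index = first_set_bit(mask);
    if (table[index].charset == CHARSET_UNUSED) return 0;
    *out = table[index];
    return 1;
}

int main(void)
{
    struct charset_entry e;
    const uint32_t masks[] = { 0x2u, 0x0u, 0x80000000u };  /* constructed */
    for (unsigned i = 0; i < 3; i++) {
        if (lookup(masks[i], &e))
            printf("%08x -> codepage %u\n", (unsigned)masks[i], e.codepage);
        else
            printf("%08x -> no entry\n", (unsigned)masks[i]);
    }
    return 0;
}
```

With the sentinel slot in place, the lookup needs no separate range test before reading the table, and the empty mask is rejected by the same comparison that rejects unused slots.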