Re: [PATCH 0/1] MR1130: wbemprox: Fix string length in get_value_bstr().

On Fri Oct 21 10:15:42 2022 +0000, Paul Gofman wrote:

Yes, there wasn’t a past end write, it is swprintf was visibly swallowing the closing quote.

It seems like this would make the length in the BSTR too long by including the terminating null? It's hard to tell whether this actually matters, but it seems like the BSTR can be returned to applications via class_object_Get->get_propval->get_value_bstr.

The BSTR will be allocated with space for the len characters plus a null terminator. If swprintf expects a length including null terminator, I think it would be OK to pass in len+1 to swprintf.