test_logfont in dlls/gdi32/tests/font.c calls CreateFontIndirectA with a non-null-terminated font name and expects it to not crash.
-- v3: gdi32: Limit source string length in logfont_AtoW (ASan).
From: Alex Henrie alexhenrie24@gmail.com
test_logfont in dlls/gdi32/tests/font.c calls CreateFontIndirectA with a non-null-terminated font name and expects it to not crash.
---
dlls/gdi32/text.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/dlls/gdi32/text.c b/dlls/gdi32/text.c
index 6be622a2312..070714a30c6 100644
--- a/dlls/gdi32/text.c
+++ b/dlls/gdi32/text.c
@@ -781,8 +781,9 @@ static void text_metric_ex_WtoA(const NEWTEXTMETRICEXW *tmW, NEWTEXTMETRICEXA *t
 static void logfont_AtoW( const LOGFONTA *fontA, LPLOGFONTW fontW )
 {
 memcpy( fontW, fontA, sizeof(LOGFONTA) - LF_FACESIZE );
- MultiByteToWideChar( CP_ACP, 0, fontA->lfFaceName, -1, fontW->lfFaceName,
- LF_FACESIZE );
+ MultiByteToWideChar( CP_ACP, 0, fontA->lfFaceName,
+ strnlen(fontA->lfFaceName, LF_FACESIZE - 1),
+ fontW->lfFaceName, LF_FACESIZE - 1 );
 fontW->lfFaceName[LF_FACESIZE - 1] = 0;
 }
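Review bot: With an explicit source length in place of -1, MultiByteToWideChar no longer writes a terminator after the converted name, so the only terminator left is the one stored at index LF_FACESIZE - 1. For a face name shorter than LF_FACESIZE - 1 characters, the rest of fontW->lfFaceName keeps whatever the destination buffer already held. For an empty name strnlen returns 0, which MultiByteToWideChar rejects as a zero-length input, so nothing is written at all. Unless every caller zeroes fontW beforehand (not visible in this hunk), the fix for the over-read leaves stale memory in the wide face name. Keep the return value and terminate at it, `len = MultiByteToWideChar( CP_ACP, 0, fontA->lfFaceName, strnlen(fontA->lfFaceName, LF_FACESIZE - 1), fontW->lfFaceName, LF_FACESIZE - 1 );` followed by `fontW->lfFaceName[len] = 0;`, which also covers the failure return of 0.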