Skip to content

W
wine-cw
Commit 2f356c78 authored by Alexandre Julliard's avatar Alexandre Julliard
Browse files
Options

ntdll: Fixed buffer overflow in NtQueryDirectoryFile optimisation.

parent b149f3c7
Hide whitespace changes
Inline Side-by-side
Showing with 2 additions and 1 deletion
dlls/ntdll/directory.c
View file @ 2f356c78
...@@ -1150,7 +1150,7 @@ static int read_directory_stat( int fd, IO_STATUS_BLOCK *io, void *buffer, ULONG ...@@ -1150,7 +1150,7 @@ static int read_directory_stat( int fd, IO_STATUS_BLOCK *io, void *buffer, ULONG
TRACE("trying optimisation for file %s\n", debugstr_us( mask )); TRACE("trying optimisation for file %s\n", debugstr_us( mask ));
unix_len = ntdll_wcstoumbs( 0, mask->Buffer, mask->Length / sizeof(WCHAR), NULL, 0, NULL, NULL ); unix_len = ntdll_wcstoumbs( 0, mask->Buffer, mask->Length / sizeof(WCHAR), NULL, 0, NULL, NULL );
if (!(unix_name = RtlAllocateHeap( GetProcessHeap(), 0, unix_len ))) if (!(unix_name = RtlAllocateHeap( GetProcessHeap(), 0, unix_len + 1)))
{ {
io->u.Status = STATUS_NO_MEMORY; io->u.Status = STATUS_NO_MEMORY;
return 0; return 0;
...@@ -1159,6 +1159,7 @@ static int read_directory_stat( int fd, IO_STATUS_BLOCK *io, void *buffer, ULONG ...@@ -1159,6 +1159,7 @@ static int read_directory_stat( int fd, IO_STATUS_BLOCK *io, void *buffer, ULONG
NULL, &used_default ); NULL, &used_default );
if (ret > 0 && !used_default) if (ret > 0 && !used_default)
{ {
unix_name[ret] = 0;
if (restart_scan) if (restart_scan)
{ {
lseek( fd, 0, SEEK_SET ); lseek( fd, 0, SEEK_SET );
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment