-
Jinoh Kang authored
`(BYTE *)dst_ex - (BYTE *)dst` is the size of the legacy context, but `dst_ex->All` already contains the legacy context. Therefore, `context_length` has the legacy context size added *twice*. This becomes a problem when `context_length` exceeds `sizeof(src_context_buffer)`. This confuses `check_changes_in_range()`, causing out-of-bounds read and unpredictable test results.
7ba9dea9
| Name |
Last commit
|
Last update |
|---|---|---|
| dlls | ||
| documentation | ||
| fonts | ||
| include | ||
| libs | ||
| loader | ||
| nls | ||
| po | ||
| programs | ||
| server | ||
| tools | ||
| .editorconfig | ||
| .gitlab-ci.yml | ||
| .mailmap | ||
| ANNOUNCE.md | ||
| AUTHORS | ||
| COPYING.LIB | ||
| LICENSE | ||
| LICENSE.OLD | ||
| MAINTAINERS | ||
| README.md | ||
| VERSION | ||
| aclocal.m4 | ||
| configure | ||
| configure.ac |