xmllite: Don't lose terminating character when shrinking buffer.

The utf16 buffer is expected to be terminated by a '0' character. Flawed buffer shrinking logic would move the buffer contents but forget about the terminating character, which could cause reading junk past the end of the buffer contents. Signed-off-by: Eduard Permyakov <epermyakov@codeweavers.com> Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com> Signed-off-by: Alexandre Julliard <julliard@winehq.org>

xmllite: Don't lose terminating character when shrinking buffer.
2d33f406 · Eduard Permyakov · Alexandre Julliard · 4303e753 · 2d33f406
Commit 2d33f406 authored Aug 06, 2021 by Eduard Permyakov Committed by Alexandre Julliard Aug 10, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

reader.c dlls/xmllite/reader.c +2 -0

No files found.
--- a/dlls/xmllite/reader.c
+++ b/dlls/xmllite/reader.c
@@ -2128,6 +2128,7 @@ static HRESULT reader_parse_reference(xmlreader *reader)
        memmove(start + 1, ptr + 1, len);

        buffer->written -= (reader_get_cur(reader) - cur) * sizeof(WCHAR);
+        *(WCHAR*)(buffer->data + buffer->written) = 0;
        buffer->cur = cur + 1;

        *start = ch;
@@ -2151,6 +2152,7 @@ static HRESULT reader_parse_reference(xmlreader *reader)
            memmove(start+1, ptr+1, len);
            buffer->cur = cur + 1;
            buffer->written -= (ptr - start) * sizeof(WCHAR);
+            *(WCHAR*)(buffer->data + buffer->written) = 0;

            *start = ch;
        }