Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
W
wine-winehq
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
wine
wine-winehq
Commits
362ecd06
Commit
362ecd06
authored
Oct 08, 2009
by
Alexandre Julliard
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
kernel32: Fix handling of overflows in GetPrivateProfileSectionA.
parent
d62d442d
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
15 additions
and
7 deletions
+15
-7
profile.c
dlls/kernel32/profile.c
+7
-7
profile.c
dlls/kernel32/tests/profile.c
+8
-0
No files found.
dlls/kernel32/profile.c
View file @
362ecd06
...
...
@@ -1386,23 +1386,23 @@ INT WINAPI GetPrivateProfileSectionA( LPCSTR section, LPSTR buffer,
return
0
;
}
bufferW
=
HeapAlloc
(
GetProcessHeap
(),
0
,
len
*
sizeof
(
WCHAR
));
bufferW
=
HeapAlloc
(
GetProcessHeap
(),
0
,
len
*
2
*
sizeof
(
WCHAR
));
RtlCreateUnicodeStringFromAsciiz
(
&
sectionW
,
section
);
if
(
filename
)
RtlCreateUnicodeStringFromAsciiz
(
&
filenameW
,
filename
);
else
filenameW
.
Buffer
=
NULL
;
retW
=
GetPrivateProfileSectionW
(
sectionW
.
Buffer
,
bufferW
,
len
,
filenameW
.
Buffer
);
if
(
len
>
2
)
retW
=
GetPrivateProfileSectionW
(
sectionW
.
Buffer
,
bufferW
,
len
*
2
,
filenameW
.
Buffer
);
if
(
retW
)
{
if
(
retW
==
len
*
2
-
2
)
retW
++
;
/* overflow */
ret
=
WideCharToMultiByte
(
CP_ACP
,
0
,
bufferW
,
retW
+
1
,
buffer
,
len
,
NULL
,
NULL
);
if
(
ret
>
2
)
ret
-=
1
;
else
if
(
!
ret
||
ret
==
len
)
/* overflow */
{
ret
=
0
;
ret
=
len
-
2
;
buffer
[
len
-
2
]
=
0
;
buffer
[
len
-
1
]
=
0
;
}
else
ret
--
;
}
else
{
...
...
dlls/kernel32/tests/profile.c
View file @
362ecd06
...
...
@@ -236,6 +236,14 @@ static void test_profile_sections(void)
broken
(
GetLastError
()
==
0xdeadbeef
),
/* Win9x, WinME */
"expected ERROR_SUCCESS, got %d
\n
"
,
GetLastError
());
/* Overflow*/
ret
=
GetPrivateProfileSectionA
(
"section1"
,
buf
,
24
,
testfile4
);
for
(
p
=
buf
+
strlen
(
buf
)
+
1
;
*
p
;
p
+=
strlen
(
p
)
+
1
)
p
[
-
1
]
=
','
;
ok
(
ret
==
22
&&
!
strcmp
(
buf
,
"name1=val1,name2=,name"
),
"wrong section returned(%d): %s
\n
"
,
ret
,
buf
);
ok
(
buf
[
ret
]
==
0
&&
buf
[
ret
+
1
]
==
0
,
"returned buffer not terminated with double-null
\n
"
);
DeleteFileA
(
testfile4
);
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment