Commit 362ecd06 authored by Alexandre Julliard

kernel32: Fix handling of overflows in GetPrivateProfileSectionA.

parent d62d442d
......@@ -1386,23 +1386,23 @@ INT WINAPI GetPrivateProfileSectionA( LPCSTR section, LPSTR buffer,
return 0;
}
bufferW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
bufferW = HeapAlloc(GetProcessHeap(), 0, len * 2 * sizeof(WCHAR));
RtlCreateUnicodeStringFromAsciiz(&sectionW, section);
if (filename) RtlCreateUnicodeStringFromAsciiz(&filenameW, filename);
else filenameW.Buffer = NULL;
retW = GetPrivateProfileSectionW(sectionW.Buffer, bufferW, len, filenameW.Buffer);
if (len > 2)
retW = GetPrivateProfileSectionW(sectionW.Buffer, bufferW, len * 2, filenameW.Buffer);
if (retW)
{
if (retW == len * 2 - 2) retW++; /* overflow */
ret = WideCharToMultiByte(CP_ACP, 0, bufferW, retW + 1, buffer, len, NULL, NULL);
if (ret > 2)
ret -= 1;
else
if (!ret || ret == len) /* overflow */
{
ret = 0;
ret = len - 2;
buffer[len-2] = 0;
buffer[len-1] = 0;
}
else ret--;
}
else
{
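Review bot: The doubled `HeapAlloc` result in `bufferW` is passed straight to `GetPrivateProfileSectionW` with no NULL check, so an allocation failure becomes a write through a null pointer. The allocation precedes the `RtlCreateUnicodeStringFromAsciiz` calls, so a guard placed right after it leaks nothing: `if (!bufferW) { SetLastError(ERROR_NOT_ENOUGH_MEMORY); return 0; }`. Separately, the overflow branch stores to `buffer[len-2]` and `buffer[len-1]`, and the `if (len > 2)` test appears to be on the removed side, so nothing visible here bounds `len` from below. If `len` is unsigned and a caller passes 0 or 1, those indexes wrap; whether `retW` can be non-zero in that case depends on code outside this hunk, so an explicit `len < 2` early return or a comment stating the assumed minimum would settle it. The function starts and ends outside the hunk.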
......
......@@ -236,6 +236,14 @@ static void test_profile_sections(void)
broken(GetLastError() == 0xdeadbeef), /* Win9x, WinME */
"expected ERROR_SUCCESS, got %d\n", GetLastError());
/* Overflow*/
ret=GetPrivateProfileSectionA("section1", buf, 24, testfile4);
for( p = buf + strlen(buf) + 1; *p;p += strlen(p)+1)
p[-1] = ',';
ok( ret == 22 && !strcmp( buf, "name1=val1,name2=,name"), "wrong section returned(%d): %s\n",
ret, buf);
ok( buf[ret] == 0 && buf[ret+1] == 0, "returned buffer not terminated with double-null\n" );
DeleteFileA( testfile4 );
}
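Review bot: The comma-substitution loop walks `buf` until it reaches an empty string, and it runs before the double-null check in the last `ok()`, so an unterminated result makes the test read past the 24 bytes it requested instead of failing cleanly. Checking `buf[ret] == 0 && buf[ret+1] == 0` ahead of the loop would avoid that. Pre-filling the buffer with a non-zero pattern before the call, e.g. `memset(buf, 0xc, sizeof(buf));` (assuming `buf` is an array; its declaration is outside the hunk), would also make that check prove the call wrote both terminators rather than inheriting zeros from an earlier test. Cases with a `len` of 0, 1 and 2 would exercise the `buffer[len-2]` path in the implementation, which this single 24-byte case does not reach. `test_profile_sections` begins outside the hunk.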
......