Skip to content

W
wine-winehq
Commit 3d89e291 authored by Dylan Smith's avatar Dylan Smith Committed by Alexandre Julliard
Browse files
Options

richedit: Handle NULL buffer or 0 buffer length in ME_GetTextEx.

ME_GetTextEx directly handles EM_GETTEXTEX, and previously a NULL buffer would be dereferenced, and a 0 buffer length would cause nCount an underflow in the nCount value which would allow a buffer overflow to occur.
parent 5e58b29c
Hide whitespace changes
Inline Side-by-side
Showing with 2 additions and 0 deletions
dlls/riched20/editor.c
View file @ 3d89e291
...@@ -1863,6 +1863,8 @@ static int ME_GetTextEx(ME_TextEditor *editor, GETTEXTEX *ex, LPARAM pText) ...@@ -1863,6 +1863,8 @@ static int ME_GetTextEx(ME_TextEditor *editor, GETTEXTEX *ex, LPARAM pText)
{ {
int nStart, nCount; /* in chars */ int nStart, nCount; /* in chars */
if (!ex->cb || !pText) return 0;
if (ex->flags & ~(GT_SELECTION | GT_USECRLF)) if (ex->flags & ~(GT_SELECTION | GT_USECRLF))
FIXME("GETTEXTEX flags 0x%08x not supported\n", ex->flags & ~(GT_SELECTION | GT_USECRLF)); FIXME("GETTEXTEX flags 0x%08x not supported\n", ex->flags & ~(GT_SELECTION | GT_USECRLF));
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment