ntdll: Fix the overflow check in read_changes_apc().

Signed-off-by: Zebediah Figura <z.figura12@gmail.com> Signed-off-by: Alexandre Julliard <julliard@winehq.org>

ntdll: Fix the overflow check in read_changes_apc().
cd2e0532 · Zebediah Figura · Alexandre Julliard · ad9fb96e · cd2e0532
Commit cd2e0532 authored Mar 22, 2020 by Zebediah Figura Committed by Alexandre Julliard Mar 23, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 3 deletions

file.c dlls/ntdll/file.c +4 -3

No files found.
--- a/dlls/ntdll/file.c
+++ b/dlls/ntdll/file.c
@@ -1768,16 +1768,17 @@ static NTSTATUS read_changes_apc( void *user, IO_STATUS_BLOCK *iosb, NTSTATUS st

            while (size && left >= sizeof(*pfni))
            {
+                DWORD len = (left - offsetof(FILE_NOTIFY_INFORMATION, FileName)) / sizeof(WCHAR);
+
                /* convert to an NT style path */
                for (i = 0; i < event->len; i++)
                    if (event->name[i] == '/') event->name[i] = '\\';

                pfni->Action = event->action;
-                pfni->FileNameLength = ntdll_umbstowcs( event->name, event->len, pfni->FileName,
-                             (left - offsetof(FILE_NOTIFY_INFORMATION, FileName)) / sizeof(WCHAR));
+                pfni->FileNameLength = ntdll_umbstowcs( event->name, event->len, pfni->FileName, len );
                last_entry_offset = &pfni->NextEntryOffset;

-                if (pfni->FileNameLength == -1 || pfni->FileNameLength == -2) break;
+                if (pfni->FileNameLength == len) break;

                i = offsetof(FILE_NOTIFY_INFORMATION, FileName[pfni->FileNameLength]);
                pfni->FileNameLength *= sizeof(WCHAR);