From 0eddf4341fb8bf3cbbadcf6de1835e38fe10885c Mon Sep 17 00:00:00 2001
From: James Hawkins
Date: Tue, 4 Oct 2005 11:30:20 +0000
Subject: [PATCH] Check the size of the input buffer so we don't write past the end.

---
 dlls/version/info.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/dlls/version/info.c b/dlls/version/info.c
index b53f7179ac3..1fbd7583c11 100644
--- a/dlls/version/info.c
+++ b/dlls/version/info.c
@@ -544,6 +544,8 @@ BOOL WINAPI GetFileVersionInfoW( LPCWSTR filename, DWORD handle,
 }
 else
 {
+ static const char signature[] = "FE2X";
+ DWORD bufsize = vvis->wLength + strlen(signature);
 DWORD convbuf;

 /* We have a 32bit resource.
@@ -552,8 +554,12 @@ BOOL WINAPI GetFileVersionInfoW( LPCWSTR filename, DWORD handle,
 * This extra buffer is used for Unicode to ANSI conversions in A-Calls
 */

- convbuf = datasize - vvis->wLength;
- memcpy( ((char*)(data))+vvis->wLength, "FE2X", convbuf > 4 ? 4 : convbuf );
+ /* information is truncated to datasize bytes */
+ if (datasize >= bufsize)
+ {
+ convbuf = datasize - vvis->wLength;
+ memcpy( ((char*)(data))+vvis->wLength, signature, convbuf > 4 ? 4 : convbuf );
+ }
 }

 SetLastError(0);
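Review bot: In the second hunk the clamp `convbuf > 4 ? 4 : convbuf` can no longer take its short branch, because the new guard `datasize >= bufsize` already guarantees `datasize - vvis->wLength >= 4`; the copy length and the `bufsize` computation in the first hunk now express the signature length in two different ways (`4` and `strlen(signature)`). Deriving both from the array keeps the bounds check and the write tied together: `memcpy( ((char*)(data))+vvis->wLength, signature, sizeof(signature) - 1 );`, with `convbuf` dropped. A short comment on the guard stating that the signature is skipped when the caller's buffer has no room for it would document the behaviour change from the old partial write. `vvis->wLength` is read in the `bufsize` initialiser before anything visible here confirms that `datasize` covers the header it lives in; that check may exist earlier in GetFileVersionInfoW, whose body starts and ends outside these hunks.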