From 39e9ac03179363d0586e65a753c50d9791af5673 Mon Sep 17 00:00:00 2001 From: Piotr Caban Date: Tue, 11 Sep 2012 16:08:56 +0200 Subject: [PATCH] msvcp: Prevent overflows while operating on string sizes. --- dlls/msvcp100/string.c | 12 ++++++------ dlls/msvcp60/string.c | 20 ++++++++++---------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/dlls/msvcp100/string.c b/dlls/msvcp100/string.c index bbd01b440d9..5fb117fb036 100644 --- a/dlls/msvcp100/string.c +++ b/dlls/msvcp100/string.c @@ -977,7 +977,7 @@ int __thiscall MSVCP_basic_string_char_compare_substr_cstr_len( if(this->size < pos) MSVCP__String_base_Xran(); - if(pos+num > this->size) + if(num > this->size-pos) num = this->size-pos; ans = MSVCP_char_traits_char_compare(basic_string_char_const_ptr(this)+pos, @@ -1024,7 +1024,7 @@ int __thiscall MSVCP_basic_string_char_compare_substr_substr( if(compare->size < off) MSVCP__String_base_Xran(); - if(off+count > compare->size) + if(count > compare->size-off) count = compare->size-off; return MSVCP_basic_string_char_compare_substr_cstr_len(this, pos, num, @@ -1512,7 +1512,7 @@ basic_string_char* __thiscall basic_string_char_replace_substr(basic_string_char if(str->size < str_off) MSVCP__String_base_Xran(); - if(str_off+str_len > str->size) + if(str_len > str->size-str_off) str_len = str->size-str_off; return basic_string_char_replace_cstr_len(this, off, len, @@ -2690,7 +2690,7 @@ int __thiscall MSVCP_basic_string_wchar_compare_substr_cstr_len( if(this->size < pos) MSVCP__String_base_Xran(); - if(pos+num > this->size) + if(num > this->size-pos) num = this->size-pos; ans = MSVCP_char_traits_wchar_compare(basic_string_wchar_const_ptr(this)+pos, @@ -2743,7 +2743,7 @@ int __thiscall MSVCP_basic_string_wchar_compare_substr_substr( if(compare->size < off) MSVCP__String_base_Xran(); - if(off+count > compare->size) + if(count > compare->size-off) count = compare->size-off; return MSVCP_basic_string_wchar_compare_substr_cstr_len(this, pos, num, @@ -3218,7 +3218,7 @@ basic_string_wchar* __thiscall basic_string_wchar_replace_substr(basic_string_wc if(str->size < str_off) MSVCP__String_base_Xran(); - if(str_off+str_len > str->size) + if(str_len > str->size-str_off) str_len = str->size-str_off; return basic_string_wchar_replace_cstr_len(this, off, len, diff --git a/dlls/msvcp60/string.c b/dlls/msvcp60/string.c index 2553e5b599b..21801495aa7 100644 --- a/dlls/msvcp60/string.c +++ b/dlls/msvcp60/string.c @@ -549,7 +549,7 @@ int __thiscall basic_string_char_compare_substr_cstr_len( if(this->size < pos) _Xran(); - if(pos+num > this->size) + if(num > this->size-pos) num = this->size-pos; ans = char_traits_char_compare(this->ptr+pos, @@ -586,7 +586,7 @@ int __thiscall basic_string_char_compare_substr_substr( if(compare->size < off) _Xran(); - if(off+count > compare->size) + if(count > compare->size-off) count = compare->size-off; return basic_string_char_compare_substr_cstr_len(this, pos, num, @@ -1338,7 +1338,7 @@ basic_string_char* __thiscall basic_string_char_replace_cstr_len(basic_string_ch if(this->size < off) _Xran(); - if(off+len > this->size) + if(len > this->size-off) len = this->size-off; if(basic_string_char_npos-str_len <= this->size-len) @@ -1388,7 +1388,7 @@ basic_string_char* __thiscall basic_string_char_replace_substr(basic_string_char if(str->size < str_off) _Xran(); - if(str_off+str_len > str->size) + if(str_len > str->size-str_off) str_len = str->size-str_off; return basic_string_char_replace_cstr_len(this, off, len, @@ -1418,7 +1418,7 @@ basic_string_char* __thiscall basic_string_char_replace_ch(basic_string_char *th if(this->size < off) _Xran(); - if(off+len > this->size) + if(len > this->size-off) len = this->size-off; if(basic_string_char_npos-count <= this->size-len) @@ -2239,7 +2239,7 @@ int __thiscall basic_string_wchar_compare_substr_cstr_len( if(this->size < pos) _Xran(); - if(pos+num > this->size) + if(num > this->size-pos) num = this->size-pos; ans = char_traits_wchar_compare(this->ptr+pos, @@ -2276,7 +2276,7 @@ int __thiscall basic_string_wchar_compare_substr_substr( if(compare->size < off) _Xran(); - if(off+count > compare->size) + if(count > compare->size-off) count = compare->size-off; return basic_string_wchar_compare_substr_cstr_len(this, pos, num, @@ -3028,7 +3028,7 @@ basic_string_wchar* __thiscall basic_string_wchar_replace_cstr_len(basic_string_ if(this->size < off) _Xran(); - if(off+len > this->size) + if(len > this->size-off) len = this->size-off; if(basic_string_wchar_npos-str_len <= this->size-len) @@ -3078,7 +3078,7 @@ basic_string_wchar* __thiscall basic_string_wchar_replace_substr(basic_string_wc if(str->size < str_off) _Xran(); - if(str_off+str_len > str->size) + if(str_len > str->size-str_off) str_len = str->size-str_off; return basic_string_wchar_replace_cstr_len(this, off, len, @@ -3108,7 +3108,7 @@ basic_string_wchar* __thiscall basic_string_wchar_replace_ch(basic_string_wchar if(this->size < off) _Xran(); - if(off+len > this->size) + if(len > this->size-off) len = this->size-off; if(basic_string_wchar_npos-count <= this->size-len)