From 3f9c9eaa549e342870af2ee9454a93d29090c1b9 Mon Sep 17 00:00:00 2001 From: Thomas Faber Date: Thu, 1 May 2014 08:57:09 +0200 Subject: [PATCH] usp10: Do not write to last script item if buffer space is insufficient. --- dlls/usp10/usp10.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dlls/usp10/usp10.c b/dlls/usp10/usp10.c index 94785b22aeb..ae164d21ff1 100644 --- a/dlls/usp10/usp10.c +++ b/dlls/usp10/usp10.c @@ -1616,12 +1616,12 @@ static HRESULT _ItemizeInternal(const WCHAR *pwcInChars, int cInChars, * item is set up to prevent random behaviour if the caller erroneously * checks the n+1 structure */ index++; + if (index + 1 > cMaxItems) return E_OUTOFMEMORY; memset(&pItems[index].a, 0, sizeof(SCRIPT_ANALYSIS)); TRACE("index=%d cnt=%d iCharPos=%d\n", index, cnt, pItems[index].iCharPos); /* Set one SCRIPT_STATE item being returned */ - if (index + 1 > cMaxItems) return E_OUTOFMEMORY; if (pcItems) *pcItems = index; /* Set SCRIPT_ITEM */