ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

user32: Fix buffer overflow in EDIT_EM_ReplaceSel(). 

After EN_MAXTEXT notification, available space may be larger than
length of the string. This must be checked and strl must not be
set to a value larger than the actual length of the string.

Signed-off-by: Roman Pišl <rpisl@seznam.cz>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
This commit is contained in:
Roman Pišl 2016-10-18 00:34:55 +02:00 committed by Alexandre Julliard
parent 71bd13391b
commit 9de8ea7564
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
dlls/user32/edit.c
View File

@ -2598,7 +2598,7 @@ static void EDIT_EM_ReplaceSel(EDITSTATE *es, BOOL can_undo, LPCWSTR lpsz_replac
if (es->buffer_limit < (tl - (e-s)))
strl = 0;
else
strl = es->buffer_limit - (tl - (e-s));
strl = min(strl, es->buffer_limit - (tl - (e-s)));
}
if (!EDIT_MakeFit(es, tl - (e - s) + strl))