From c0e3db958d77954baf94636b8137a18f6a186bd2 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Fri, 13 Oct 2000 17:04:14 +0000 Subject: [PATCH] Check for buffer overflows on data returns from RegQueryValueExA. --- memory/registry.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/memory/registry.c b/memory/registry.c index 26aa450971e..22c6919a7bc 100644 --- a/memory/registry.c +++ b/memory/registry.c @@ -923,7 +923,11 @@ DWORD WINAPI RegQueryValueExA( HKEY hkey, LPCSTR name, LPDWORD reserved, LPDWORD } total_size = len + info_size; } - else if (data) memcpy( data, buf_ptr + info_size, total_size - info_size ); + else if (data) + { + if (total_size - info_size > *count) status = STATUS_BUFFER_OVERFLOW; + else memcpy( data, buf_ptr + info_size, total_size - info_size ); + } } else if (status != STATUS_BUFFER_OVERFLOW) goto done; }