oleaut32: Protect against integer overflow in SysAllocStringLen.
This commit is contained in:
parent
1a145bb532
commit
caa301a736
|
@ -20,6 +20,7 @@
|
||||||
|
|
||||||
#include <stdarg.h>
|
#include <stdarg.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
#include <limits.h>
|
||||||
|
|
||||||
#define COBJMACROS
|
#define COBJMACROS
|
||||||
|
|
||||||
|
@ -217,6 +218,9 @@ BSTR WINAPI SysAllocStringLen(const OLECHAR *str, unsigned int len)
|
||||||
DWORD* newBuffer;
|
DWORD* newBuffer;
|
||||||
WCHAR* stringBuffer;
|
WCHAR* stringBuffer;
|
||||||
|
|
||||||
|
/* Detect integer overflow. */
|
||||||
|
if (len >= ((UINT_MAX-sizeof(WCHAR)-sizeof(DWORD))/sizeof(WCHAR)))
|
||||||
|
return NULL;
|
||||||
/*
|
/*
|
||||||
* Find the length of the buffer passed-in, in bytes.
|
* Find the length of the buffer passed-in, in bytes.
|
||||||
*/
|
*/
|
||||||
|
@ -234,8 +238,8 @@ BSTR WINAPI SysAllocStringLen(const OLECHAR *str, unsigned int len)
|
||||||
/*
|
/*
|
||||||
* If the memory allocation failed, return a null pointer.
|
* If the memory allocation failed, return a null pointer.
|
||||||
*/
|
*/
|
||||||
if (newBuffer==0)
|
if (!newBuffer)
|
||||||
return 0;
|
return NULL;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copy the length of the string in the placeholder.
|
* Copy the length of the string in the placeholder.
|
||||||
|
|
Loading…
Reference in New Issue