ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

oleaut32: Protect against integer overflow in SysAllocStringLen.

This commit is contained in:
Marcus Meissner 2006-11-24 08:45:57 +01:00 committed by Alexandre Julliard
parent 1a145bb532
commit caa301a736
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
dlls/oleaut32/oleaut.c
View File

@ -20,6 +20,7 @@
#include <stdarg.h> #include <stdarg.h>
#include <string.h> #include <string.h>
#include <limits.h>
#define COBJMACROS #define COBJMACROS
@ -217,6 +218,9 @@ BSTR WINAPI SysAllocStringLen(const OLECHAR *str, unsigned int len)
DWORD* newBuffer; DWORD* newBuffer;
WCHAR* stringBuffer; WCHAR* stringBuffer;
/* Detect integer overflow. */
if (len >= ((UINT_MAX-sizeof(WCHAR)-sizeof(DWORD))/sizeof(WCHAR)))
return NULL;
/* /*
* Find the length of the buffer passed-in, in bytes. * Find the length of the buffer passed-in, in bytes.
*/ */
@ -234,8 +238,8 @@ BSTR WINAPI SysAllocStringLen(const OLECHAR *str, unsigned int len)
/* /*
* If the memory allocation failed, return a null pointer. * If the memory allocation failed, return a null pointer.
*/ */
if (newBuffer==0) if (!newBuffer)
return 0; return NULL;
/* /*
* Copy the length of the string in the placeholder. * Copy the length of the string in the placeholder.