From d92c976803647e4ae75ac9ca4fb7d0e5ad9bacfc Mon Sep 17 00:00:00 2001 From: Francois Gouget Date: Thu, 20 Nov 2008 20:41:04 +0100 Subject: [PATCH] regedit: Fix a buffer allocation in export_registry_key(). This fixes a major buffer overflow bug in 'regedit /E'. --- programs/regedit/regproc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/regedit/regproc.c b/programs/regedit/regproc.c index c070ab0815a..6d04a44a9b1 100644 --- a/programs/regedit/regproc.c +++ b/programs/regedit/regproc.c @@ -1239,7 +1239,7 @@ BOOL export_registry_key(WCHAR *file_name, WCHAR *reg_key_name, DWORD format) val_name_buf = HeapAlloc(GetProcessHeap(), 0, val_name_size * sizeof(*val_name_buf)); val_buf = HeapAlloc(GetProcessHeap(), 0, val_size); - line_buf = HeapAlloc(GetProcessHeap(), 0, line_buf_size); + line_buf = HeapAlloc(GetProcessHeap(), 0, line_buf_size * sizeof(*line_buf)); CHECK_ENOUGH_MEMORY(reg_key_name_buf && val_name_buf && val_buf && line_buf); if (reg_key_name && reg_key_name[0]) {