From e175bee277a2aac054405ad4ef6ddab8f159da8e Mon Sep 17 00:00:00 2001
From: Jacek Caban <jacek@codeweavers.com>
Date: Tue, 8 Feb 2011 15:09:38 +0100
Subject: [PATCH] mshtml: Fixed size check in res protocol
 ParseUrl(PARSE_SECURITY_URL) call.

---
 dlls/mshtml/protocol.c       |  2 +-
 dlls/mshtml/tests/protocol.c | 12 ++++++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/dlls/mshtml/protocol.c b/dlls/mshtml/protocol.c
index 79bcf2d03de..58f4deec1ea 100644
--- a/dlls/mshtml/protocol.c
+++ b/dlls/mshtml/protocol.c
@@ -864,7 +864,7 @@ static HRESULT WINAPI ResProtocolInfo_ParseUrl(IInternetProtocolInfo *iface, LPC
         size = sizeof(wszFile)/sizeof(WCHAR) + len + 1;
         if(pcchResult)
             *pcchResult = size;
-        if(size >= cchResult)
+        if(size > cchResult)
             return S_FALSE;
 
         memcpy(pwzResult, wszFile, sizeof(wszFile));
diff --git a/dlls/mshtml/tests/protocol.c b/dlls/mshtml/tests/protocol.c
index 9e6fe1abefc..599f43e7605 100644
--- a/dlls/mshtml/tests/protocol.c
+++ b/dlls/mshtml/tests/protocol.c
@@ -326,7 +326,7 @@ static void test_res_protocol(void)
     ok(hres == S_OK, "Could not get IInternetProtocolInfo interface: %08x\n", hres);
     if(SUCCEEDED(hres)) {
         WCHAR buf[128];
-        DWORD size;
+        DWORD size, expected_size;
         int i;
 
         for(i = PARSE_CANONICALIZE; i <= PARSE_UNESCAPE; i++) {
@@ -342,12 +342,20 @@ static void test_res_protocol(void)
                 sizeof(buf)/sizeof(buf[0]), &size, 0);
         ok(hres == S_OK, "ParseUrl failed: %08x\n", hres);
         res_sec_url_cmp(buf, size, mshtml_dllW);
+        ok(size == lstrlenW(buf)+1, "size = %d\n", size);
+        expected_size = size;
+
+        hres = IInternetProtocolInfo_ParseUrl(protocol_info, blank_url, PARSE_SECURITY_URL, 0, buf,
+                expected_size, &size, 0);
+        ok(hres == S_OK, "ParseUrl failed: %08x\n", hres);
+        res_sec_url_cmp(buf, size, mshtml_dllW);
+        ok(size == expected_size, "size = %d\n", size);
 
         size = 0;
         hres = IInternetProtocolInfo_ParseUrl(protocol_info, blank_url, PARSE_SECURITY_URL, 0, buf,
                 3, &size, 0);
         ok(hres == S_FALSE, "ParseUrl failed: %08x, expected S_FALSE\n", hres);
-        ok(size, "size=0\n");
+        ok(size == expected_size, "size = %d\n", size);
 
         hres = IInternetProtocolInfo_ParseUrl(protocol_info, wrong_url1, PARSE_SECURITY_URL, 0, buf,
                 sizeof(buf)/sizeof(buf[0]), &size, 0);