[ros-diffs] [jgardou] 53160: [SETUPAPI] - fix confusion on buffer size between string length and number of bytes. Might fix some infamous heap corruption bug during install. Please test.
jgardou at svn.reactos.org
jgardou at svn.reactos.org
Wed Aug 10 01:31:39 UTC 2011
Author: jgardou
Date: Wed Aug 10 01:31:35 2011
New Revision: 53160
URL: http://svn.reactos.org/svn/reactos?rev=53160&view=rev
Log:
[SETUPAPI]
- fix confusion on buffer size between string length and number of bytes.
Might fix some infamous heap corruption bug during install. Please test.
Modified:
trunk/reactos/dll/win32/setupapi/driver.c
Modified: trunk/reactos/dll/win32/setupapi/driver.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/setupapi/driver.c?rev=53160&r1=53159&r2=53160&view=diff
==============================================================================
--- trunk/reactos/dll/win32/setupapi/driver.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/setupapi/driver.c [iso-8859-1] Wed Aug 10 01:31:35 2011
@@ -681,9 +681,9 @@
if (dwType == REG_EXPAND_SZ)
{
cbData = ExpandEnvironmentStringsW(pvBuf, pvData,
- pcbData ? *pcbData : 0);
+ pcbData ? (*pcbData)/sizeof(WCHAR) : 0);
dwType = REG_SZ;
- if(pcbData && cbData > *pcbData)
+ if(pcbData && cbData > ((*pcbData)/sizeof(WCHAR)))
ret = ERROR_MORE_DATA;
}
else if (pcbData)
@@ -814,7 +814,7 @@
KEY_QUERY_VALUE);
if (hDriverKey == INVALID_HANDLE_VALUE)
goto done;
- RequiredSize = len - strlenW(InfFileName);
+ RequiredSize = (len - strlenW(InfFileName)) * sizeof(WCHAR);
rc = RegGetValueW(
hDriverKey,
NULL,
More information about the Ros-diffs
mailing list