[ros-diffs] [weiden] 28094: Fix buffer overflow in InfpAddSection. See issue #2516 for more details.

weiden at svn.reactos.org weiden at svn.reactos.org
Thu Aug 2 06:09:20 CEST 2007


Author: weiden
Date: Thu Aug  2 08:09:19 2007
New Revision: 28094

URL: http://svn.reactos.org/svn/reactos?rev=28094&view=rev
Log:
Fix buffer overflow in InfpAddSection.
See issue #2516 for more details.

Modified:
    trunk/reactos/lib/inflib/infcore.c
    trunk/reactos/lib/inflib/infpriv.h

Modified: trunk/reactos/lib/inflib/infcore.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/inflib/infcore.c?rev=28094&r1=28093&r2=28094&view=diff
==============================================================================
--- trunk/reactos/lib/inflib/infcore.c (original)
+++ trunk/reactos/lib/inflib/infcore.c Thu Aug  2 08:09:19 2007
@@ -181,7 +181,8 @@
     }
 
   /* Allocate and initialize the new section */
-  Size = sizeof(INFCACHESECTION) + (_tcslen (Name) * sizeof(TCHAR));
+  Size = FIELD_OFFSET(INFCACHESECTION,
+                      Name[_tcslen (Name) + 1]);
   Section = (PINFCACHESECTION)MALLOC (Size);
   if (Section == NULL)
     {
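Review bot: The new `Size = FIELD_OFFSET(INFCACHESECTION, Name[_tcslen (Name) + 1]);` has no comment saying why the allocation is sized from the offset of an element one past the string length. The commit log implies the removed `sizeof`-based form under-sized the block, so a line such as `/* Header plus Name, including its terminating NUL */` would guard against a later edit restoring it. The same applies to the `INFCACHEFIELD`/`Data` allocation in the second hunk, which the log message does not mention. The macro yields a `ptrdiff_t` that is stored in `Size`, declared `ULONG` in the second hunk and outside this one, so an explicit cast would make the narrowing deliberate. The copy into the new section is also outside the hunk and should be checked to write at most `_tcslen(Name) + 1` elements.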
@@ -285,7 +286,8 @@
   PINFCACHEFIELD Field;
   ULONG Size;
 
-  Size = sizeof(INFCACHEFIELD) + (_tcslen(Data) * sizeof(TCHAR));
+  Size = FIELD_OFFSET(INFCACHEFIELD,
+                      Data[_tcslen(Data) + 1]);
   Field = (PINFCACHEFIELD)MALLOC(Size);
   if (Field == NULL)
     {

Modified: trunk/reactos/lib/inflib/infpriv.h
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/inflib/infpriv.h?rev=28094&r1=28093&r2=28094&view=diff
==============================================================================
--- trunk/reactos/lib/inflib/infpriv.h (original)
+++ trunk/reactos/lib/inflib/infpriv.h Thu Aug  2 08:09:19 2007
@@ -9,6 +9,9 @@
 #ifndef INFPRIV_H_INCLUDED
 #define INFPRIV_H_INCLUDED
 
+#ifndef FIELD_OFFSET
+#define FIELD_OFFSET(t,f) ((ptrdiff_t)&(((t*)0)->f))
+#endif
 
 #define INF_STATUS_INSUFFICIENT_RESOURCES  (0xC000009A)
 #define INF_STATUS_BAD_SECTION_NAME_LINE   (0xC0700001)
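Review bot: The fallback `FIELD_OFFSET` casts to `ptrdiff_t`, but nothing in this hunk shows `<stddef.h>` being included before it. The definition is only used when the platform headers do not already supply the macro, and in that case it compiles only if some earlier include happens to declare `ptrdiff_t`. Adding `#include <stddef.h>` above the `#ifndef` would make the header self-contained. The macro also has no comment; something like `/* Byte offset of member f (which may carry an array index) within type t */` would document that both call sites in infcore.c pass an index computed at run time. The null-pointer form is the traditional idiom but not one the C standard guarantees, so it is worth stating that it was chosen because `offsetof` is only specified for constant member designators.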



