projects / reactos.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 38b91bd)
fixed uninitialized variable warnings and possible buffer overflows when reading...
authorThomas Bluemel <thomas@reactsoft.com>
Sun, 11 Dec 2005 22:13:46 +0000 (22:13 +0000)
committerThomas Bluemel <thomas@reactsoft.com>
Sun, 11 Dec 2005 22:13:46 +0000 (22:13 +0000)
svn path=/trunk/; revision=20088

reactos/lib/setupapi/devinst.c patch | blob | history

diff --git a/reactos/lib/setupapi/devinst.c b/reactos/lib/setupapi/devinst.c
index 2faf7ae..6bbfaba 100644 (file)
--- a/reactos/lib/setupapi/devinst.c
+++ b/reactos/lib/setupapi/devinst.c
@@ -1872,13 +1872,14 @@ static BOOL GetIconIndex(
         SetLastError(ERROR_NOT_ENOUGH_MEMORY);
         goto cleanup;
     }
-    Buffer[dwLength / sizeof(WCHAR)] = 0;
     rc = RegQueryValueExW(hClassKey, L"Icon", NULL, NULL, (LPBYTE)Buffer, &dwLength);
     if (rc != ERROR_SUCCESS)
     {
         SetLastError(rc);
         goto cleanup;
     }
+    /* make sure the returned buffer is NULL-terminated */
+    Buffer[dwLength / sizeof(WCHAR)] = 0;
 
     /* Transform "Icon" value to a INT */
     *ImageIndex = atoiW(Buffer);
@@ -2065,7 +2066,7 @@ BOOL WINAPI SetupDiLoadClassIcon(
             rc = RegQueryValueExW(hKey, L"Installer32", NULL, &dwRegType, NULL, &dwLength);
             if (rc == ERROR_SUCCESS && dwRegType == REG_SZ)
             {
-                Buffer = MyMalloc(dwLength);
+                Buffer = MyMalloc(dwLength + sizeof(WCHAR));
                 if (Buffer == NULL)
                 {
                     SetLastError(ERROR_NOT_ENOUGH_MEMORY);
@@ -2077,12 +2078,14 @@ BOOL WINAPI SetupDiLoadClassIcon(
                     SetLastError(rc);
                     goto cleanup;
                 }
+                /* make sure the returned buffer is NULL-terminated */
+                Buffer[dwLength / sizeof(WCHAR)] = 0;
             }
             else if
                 (ERROR_SUCCESS == (rc = RegQueryValueExW(hKey, L"EnumPropPages32", NULL, &dwRegType, NULL, &dwLength))
                 && dwRegType == REG_SZ)
             {
-                Buffer = MyMalloc(dwLength);
+                Buffer = MyMalloc(dwLength + sizeof(WCHAR));
                 if (Buffer == NULL)
                 {
                     SetLastError(ERROR_NOT_ENOUGH_MEMORY);
@@ -2094,6 +2097,8 @@ BOOL WINAPI SetupDiLoadClassIcon(
                     SetLastError(rc);
                     goto cleanup;
                 }
+                /* make sure the returned buffer is NULL-terminated */
+                Buffer[dwLength / sizeof(WCHAR)] = 0;
             }
             else
             {
@@ -2108,6 +2113,7 @@ BOOL WINAPI SetupDiLoadClassIcon(
                 goto cleanup;
             }
             *Comma = '\0';
+            DllName = Buffer;
         }
         else
         {
A free Windows-compatible Operating System