projects / reactos.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 554ed50)
[USP10]
authorThomas Faber <thomas.faber@reactos.org>
Thu, 1 May 2014 19:44:30 +0000 (19:44 +0000)
committerThomas Faber <thomas.faber@reactos.org>
Thu, 1 May 2014 19:44:30 +0000 (19:44 +0000)
- Fix buffer overflow in _ItemizeInternal
CORE-8133 #resolve

svn path=/trunk/; revision=63096

reactos/dll/win32/usp10/usp10.c patch | blob | history

diff --git a/reactos/dll/win32/usp10/usp10.c b/reactos/dll/win32/usp10/usp10.c
index 406ad1c..4a57480 100644 (file)
--- a/reactos/dll/win32/usp10/usp10.c
+++ b/reactos/dll/win32/usp10/usp10.c
@@ -1605,12 +1605,12 @@ static HRESULT _ItemizeInternal(const WCHAR *pwcInChars, int cInChars,
      * item is set up to prevent random behaviour if the caller erroneously
      * checks the n+1 structure                                              */
     index++;
+    if (index + 1 > cMaxItems) return E_OUTOFMEMORY;
     memset(&pItems[index].a, 0, sizeof(SCRIPT_ANALYSIS));
 
     TRACE("index=%d cnt=%d iCharPos=%d\n", index, cnt, pItems[index].iCharPos);
 
     /*  Set one SCRIPT_STATE item being returned  */
-    if  (index + 1 > cMaxItems) return E_OUTOFMEMORY;
     if (pcItems) *pcItems = index;
 
     /*  Set SCRIPT_ITEM                                     */
A free Windows-compatible Operating System