projects
/
reactos.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
ebd9d97
)
[0.4.8][MSXML3] Fix buffer overflow in BindStatusCallback_GetBindInfo. CORE-14570
author
Joachim Henze
<Joachim.Henze@reactos.org>
Tue, 4 Oct 2022 19:00:28 +0000
(21:00 +0200)
committer
Joachim Henze
<Joachim.Henze@reactos.org>
Tue, 4 Oct 2022 19:00:28 +0000
(21:00 +0200)
On testbots for test "msxml3 : httpreq" we could observe with DPH enabled:
*** Assertion failed: LastEntry->Size != 0
*** Source File: /srv/buildbot/Build_GCCLin_x86/build/sdk/lib/rtl/heap.c, line 675
Fix picked from 0.4.9-dev-756-g
708d26acf396d81fa475f3ce7b70d3346279b133
The fix was also sent to Wine:
https://source.winehq.org/git/wine.git/commit/
a64403904dfc50ed81c1a724f9a322e5ae4a025b
dll/win32/msxml3/httprequest.c
patch
|
blob
|
history
diff --git
a/dll/win32/msxml3/httprequest.c
b/dll/win32/msxml3/httprequest.c
index
56bc51a
..
f17148d
100644
(file)
--- a/
dll/win32/msxml3/httprequest.c
+++ b/
dll/win32/msxml3/httprequest.c
@@
-373,7
+373,7
@@
static HRESULT WINAPI BindStatusCallback_GetBindInfo(IBindStatusCallback *iface,
pbindinfo->dwBindVerb = This->request->verb;
if (This->request->verb == BINDVERB_CUSTOM)
{
- pbindinfo->szCustomVerb = CoTaskMemAlloc(SysStringByteLen(This->request->custom));
+ pbindinfo->szCustomVerb = CoTaskMemAlloc(SysStringByteLen(This->request->custom)
+sizeof(WCHAR)
);
strcpyW(pbindinfo->szCustomVerb, This->request->custom);
}