[ros-diffs] [tfaber] 65154: [NEWDEV] - Fix buffer overflow in PopulateCustomPathCombo. Powered by DPH. - Fix a signed vs unsigned comparison

tfaber Fri, 31 Oct 2014 10:36:52 -0700

Author: tfaber
Date: Fri Oct 31 17:35:38 2014
New Revision: 65154

URL: http://svn.reactos.org/svn/reactos?rev=65154&view=rev
Log:
[NEWDEV]
- Fix buffer overflow in PopulateCustomPathCombo. Powered by DPH.
- Fix a signed vs unsigned comparison


Modified:
    trunk/reactos/dll/win32/newdev/wizard.c

Modified: trunk/reactos/dll/win32/newdev/wizard.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/newdev/wizard.c?rev=65154&r1=65153&r2=65154&view=diff
==============================================================================
--- trunk/reactos/dll/win32/newdev/wizard.c     [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/newdev/wizard.c     [iso-8859-1] Fri Oct 31 
17:35:38 2014
@@ -280,7 +280,9 @@
         TRACE("RegQueryValueEx() failed with error 0x%lx\n", rc);
         goto cleanup;
     }
-    Buffer[dwPathLength] = Buffer[dwPathLength + 1] = '\0';
+
+    Buffer[dwPathLength / sizeof(WCHAR)] = UNICODE_NULL;
+    Buffer[dwPathLength / sizeof(WCHAR) + 1] = UNICODE_NULL;
 
     /* Populate combo box */
     for (Path = Buffer; *Path; Path += wcslen(Path) + 1)
@@ -305,7 +307,7 @@
     LPWSTR Buffer = NULL;
     LPWSTR pBuffer; /* Pointer into Buffer */
     int ItemsCount, Length;
-    DWORD i;
+    int i;
     DWORD TotalLength = 0;
     BOOL UseCustomPath = TRUE;
     HKEY hKey = NULL;

[ros-diffs] [tfaber] 65154: [NEWDEV] - Fix buffer overflow in PopulateCustomPathCombo. Powered by DPH. - Fix a signed vs unsigned comparison

Reply via email to