Stefan Leichter <[EMAIL PROTECTED]> writes:
> + * Note
> + * observed unter win2k:
> + * 1. when the function is called to get the required buffer size, the
> value of
> + * the returned parameter needed is big enough to hold the strings as
> WCHARs(!)
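Review bot: The Note comment is ambiguous about units where it says the returned needed value is "big enough to hold the strings as WCHARs(!)", and "unter" should be "under". State the size in bytes relative to the ANSI string length, so a reader can check it against the value the code stores in *needed.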
It's not WCHARs, it's two A chars per W char to leave enough room for
the conversion. I don't see you doing that in the code.
> + case SERVICE_CONFIG_DESCRIPTION:
> + { LPSERVICE_DESCRIPTIONA configA = (LPSERVICE_DESCRIPTIONA)
> buffer;
> + LPSERVICE_DESCRIPTIONW configW = (LPSERVICE_DESCRIPTIONW)
> bufferW;
> + *needed = sizeof(SERVICE_DESCRIPTIONA);
> + if (configW->lpDescription) {
> + DWORD sz;
> + configA->lpDescription = (LPSTR)(configA + 1);
> + sz = WideCharToMultiByte( CP_ACP, 0,
> configW->lpDescription, -1,
> + configA->lpDescription, size -
> sizeof(SERVICE_DESCRIPTIONA), NULL, NULL );
> + if (!sz) {
> + FIXME("WideCharToMultiByte failed for
> configW->lpDescription\n");
> + ret = FALSE;
> + configA->lpDescription = NULL;
> + goto cleanup;
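Review bot: Nothing visible in the SERVICE_CONFIG_DESCRIPTION case checks that size is at least sizeof(SERVICE_DESCRIPTIONA) before configA->lpDescription is written and before "size - sizeof(SERVICE_DESCRIPTIONA)" is passed as the output length. Because sizeof is unsigned, that subtraction wraps when size is smaller than the structure. Unless an earlier check outside this hunk guarantees it, test size first and fail with the required size. The "if (!sz)" branch also treats every failure as a FIXME; check GetLastError() for ERROR_INSUFFICIENT_BUFFER so that a too-small buffer is handled as the expected case rather than logged as unimplemented.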
You need to update the needed size on buffer overflow.
--
Alexandre Julliard
[EMAIL PROTECTED]