From 30ff1f103245ea8f9d487644d79ce81eb9e11ec9 Mon Sep 17 00:00:00 2001 From: James Tabor Date: Mon, 19 Dec 2016 16:37:44 +0000 Subject: [PATCH] [User32] - Patch by Roman Pi?l : Fix buffer overflow in EDIT_EM_ReplaceSel(). svn path=/trunk/; revision=73470 --- reactos/win32ss/user/user32/controls/edit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reactos/win32ss/user/user32/controls/edit.c b/reactos/win32ss/user/user32/controls/edit.c index 47a070b812a..99205864d9c 100644 --- a/reactos/win32ss/user/user32/controls/edit.c +++ b/reactos/win32ss/user/user32/controls/edit.c @@ -2644,7 +2644,7 @@ static void EDIT_EM_ReplaceSel(EDITSTATE *es, BOOL can_undo, LPCWSTR lpsz_replac if (es->buffer_limit < (tl - (e-s))) strl = 0; else - strl = es->buffer_limit - (tl - (e-s)); + strl = min(strl, es->buffer_limit - (tl - (e-s))); } if (!EDIT_MakeFit(es, tl - (e - s) + strl))