From 5a88d3050f3826ace23a8dca99c53626b92677d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Gardou?= <jerome.gardou@reactos.org>
Date: Wed, 10 Aug 2011 01:31:35 +0000
Subject: [PATCH] [SETUPAPI] - fix confusion on buffer size between string
 length and number of bytes. Might fix some infamous heap corruption bug
 during install. Please test.

svn path=/trunk/; revision=53160
---
 reactos/dll/win32/setupapi/driver.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/reactos/dll/win32/setupapi/driver.c b/reactos/dll/win32/setupapi/driver.c
index 3892bd5e2ca..41de21aa44c 100644
--- a/reactos/dll/win32/setupapi/driver.c
+++ b/reactos/dll/win32/setupapi/driver.c
@@ -681,9 +681,9 @@ RegGetValueW( HKEY hKey, LPCWSTR pszSubKey, LPCWSTR pszValue,
             if (dwType == REG_EXPAND_SZ)
             {
                 cbData = ExpandEnvironmentStringsW(pvBuf, pvData,
-                                                   pcbData ? *pcbData : 0);
+                                                   pcbData ? (*pcbData)/sizeof(WCHAR) : 0);
                 dwType = REG_SZ;
-                if(pcbData && cbData > *pcbData)
+                if(pcbData && cbData > ((*pcbData)/sizeof(WCHAR)))
                     ret = ERROR_MORE_DATA;
             }
             else if (pcbData)
@@ -814,7 +814,7 @@ SetupDiBuildDriverInfoList(
                 KEY_QUERY_VALUE);
             if (hDriverKey == INVALID_HANDLE_VALUE)
                 goto done;
-            RequiredSize = len - strlenW(InfFileName);
+            RequiredSize = (len - strlenW(InfFileName)) * sizeof(WCHAR);
             rc = RegGetValueW(
                 hDriverKey,
                 NULL,