A free Windows-compatible Operating System - mirrored from GitHub
Aleksey Bragin 85f0fb63f3 [USETUP]
- Fix a buffer overflow (overread) when adding a locale key to the registry. The history of this bug is funny:
1. Eric wrote the code, which sets a key of REG_SZ type, as 4 widechars plus a terminating zero, but passes 8 as the bytesize of the buffer. It's not fully correct (a terminating zero is absent from the bytesize of the buffer, but MSDN doesn't specify if it should be added or not, and hardcoding "8" is not the best idea either) but not dramatic. That was revision 9596, 7 years ago.
2. Lentin notices something is not right in this code, and decides to "fix" it by multiplying that same hardcoded value by... guess what? sizeof(PWCHAR)! That is, the size of a pointer, which on an x86 would be 4 bytes. Massive out-of-bounds access obviously happens. That was revision 31642, 3 years ago.
3. Very soon Colin reshuffles and improves the code based on patch #2635, however the problem still goes unnoticed (r31655+).
See issue #5810 for more details.

svn path=/trunk/; revision=50968
2011-03-04 18:18:05 +00:00
reactos [USETUP] 2011-03-04 18:18:05 +00:00
rosapps Update Winefile to 1.3.10 too 2010-12-26 16:28:51 +00:00
rostests [USER32_APITEST] 2011-03-03 21:49:44 +00:00
wallpaper Rename the wallpaper to conform with ISO 9660:1988 and make cdmake happy... 2009-02-03 13:26:30 +00:00