[ros-diffs] [cgutman] 57235: [WININET] - Merge fix for buffer overrun causing rapps to crash - http://www.winehq.org/pipermail/wine-patches/2012-July/115909.html

Author: cgutman Date: Tue Sep 4 05:05:57 2012 New Revision: 57235

URL: http://svn.reactos.org/svn/reactos?rev=57235&view=rev Log: [WININET] - Merge fix for buffer overrun causing rapps to crash - http://www.winehq.org/pipermail/wine-patches/2012-July/115909.html

Modified: trunk/reactos/dll/win32/wininet/http.c

Modified: trunk/reactos/dll/win32/wininet/http.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/wininet/http.c?re... ============================================================================== --- trunk/reactos/dll/win32/wininet/http.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/wininet/http.c [iso-8859-1] Tue Sep 4 05:05:57 2012 @@ -2317,7 +2317,7 @@ /* fetch some more data into the read buffer (the read section must be held) */ static DWORD refill_read_buffer(http_request_t *req, read_mode_t read_mode, DWORD *read_bytes) { - DWORD res, read=0; + DWORD res, read=0, want;

if(req->read_size == sizeof(req->read_buf)) return ERROR_SUCCESS; @@ -2328,8 +2328,10 @@ req->read_pos = 0; }

+ want = sizeof(req->read_buf) - req->read_size; res = req->data_stream->vtbl->read(req->data_stream, req, req->read_buf+req->read_size, - sizeof(req->read_buf)-req->read_size, &read, read_mode); + want, &read, read_mode); + assert(read <= want); req->read_size += read;

TRACE("read %u bytes, read_size %u\n", read, req->read_size); @@ -2370,8 +2372,11 @@

size = min(size, netconn_stream->content_length-netconn_stream->content_read);

- if(read_mode == READMODE_NOBLOCK) - size = min(size, netconn_get_avail_data(stream, req)); + if(read_mode == READMODE_NOBLOCK) { + DWORD avail = netconn_get_avail_data(stream, req); + if (size > avail) + size = avail; + }

if(size && req->netconn) { if(NETCON_recv(req->netconn, buf, size, read_mode == READMODE_SYNC ? MSG_WAITALL : 0, &len) != ERROR_SUCCESS)