Author: tfaber Date: Thu May 1 19:44:30 2014 New Revision: 63096
URL: http://svn.reactos.org/svn/reactos?rev=63096&view=rev Log: [USP10] - Fix buffer overflow in _ItemizeInternal CORE-8133 #resolve
Modified: trunk/reactos/dll/win32/usp10/usp10.c
Modified: trunk/reactos/dll/win32/usp10/usp10.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/usp10/usp10.c?rev... ==============================================================================
--- trunk/reactos/dll/win32/usp10/usp10.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/usp10/usp10.c [iso-8859-1] Thu May 1 19:44:30 2014
@@ -1605,12 +1605,12 @@
* item is set up to prevent random behaviour if the caller erroneously
* checks the n+1 structure */
index++;
+ if (index + 1 > cMaxItems) return E_OUTOFMEMORY;
memset(&pItems[index].a, 0, sizeof(SCRIPT_ANALYSIS));
TRACE("index=%d cnt=%d iCharPos=%d\n", index, cnt, pItems[index].iCharPos);
/* Set one SCRIPT_STATE item being returned */
- if (index + 1 > cMaxItems) return E_OUTOFMEMORY;
if (pcItems) *pcItems = index;
/* Set SCRIPT_ITEM */
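Review bot: The relocated guard still leaves through a bare `return E_OUTOFMEMORY;` in the middle of _ItemizeInternal, so if the function holds heap allocations at this point they would leak on exactly the path an undersized caller buffer triggers. The body starts and ends outside the hunk, so this cannot be confirmed from here; if a cleanup path exists, the failure should be routed through it instead of returning directly. The check is now the only thing keeping the `memset` of `pItems[index].a` inside the caller's buffer, and a comment such as `/* index must stay below cMaxItems before pItems[index] is written */` would keep it from being moved below the write again. Separately, the `TRACE` line prints `pItems[index].iCharPos` although only the `.a` member has been zeroed in the visible lines, so it may log whatever the caller's buffer contained.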