[ros-diffs] [rmessiant] 54590: [REGEDIT] - Prevent buffer overflow when creating the display value for a value of type REG_MULTI_SZ. - Prevent processing excess data when preparing a value of type REG_MULTI_SZ...

Author: rmessiant Date: Sun Dec 4 19:19:33 2011 New Revision: 54590 URL: http://svn.reactos.org/svn/reactos?rev=54590&view=rev Log: [REGEDIT] - Prevent buffer overflow when creating the display value for a value of type REG_MULTI_SZ. - Prevent processing excess data when preparing a value of type REG_MULTI_SZ for editing. Modified: trunk/reactos/base/applications/regedit/edit.c trunk/reactos/base/applications/regedit/listview.c Modified: trunk/reactos/base/applications/regedit/edit.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/applications/regedit/… ============================================================================== --- trunk/reactos/base/applications/regedit/edit.c [iso-8859-1] (original) +++ trunk/reactos/base/applications/regedit/edit.c [iso-8859-1] Sun Dec 4 19:19:33 2011 @@ -1127,7 +1127,7 @@ size_t llen, listlen, nl_len; LPTSTR src, lines = NULL; - if (!(stringValueData = HeapAlloc(GetProcessHeap(), 0, valueDataLen))) + if (!(stringValueData = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, valueDataLen + sizeof(TCHAR)))) { error(hwnd, IDS_TOO_BIG_VALUE, valueDataLen); goto done; Modified: trunk/reactos/base/applications/regedit/listview.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/applications/regedit/… ============================================================================== --- trunk/reactos/base/applications/regedit/listview.c [iso-8859-1] (original) +++ trunk/reactos/base/applications/regedit/listview.c [iso-8859-1] Sun Dec 4 19:19:33 2011 @@ -186,7 +186,7 @@ if(dwCount >= 2) { src = (LPTSTR)ValBuf; - str = HeapAlloc(GetProcessHeap(), 0, dwCount); + str = HeapAlloc(GetProcessHeap(), 0, dwCount + sizeof(TCHAR)); if(str != NULL) { *str = _T('\0');