[ros-diffs] [tfaber] 65154: [NEWDEV] - Fix buffer overflow in PopulateCustomPathCombo. Powered by DPH. - Fix a signed vs unsigned comparison

Author: tfaber Date: Fri Oct 31 17:35:38 2014 New Revision: 65154 URL: http://svn.reactos.org/svn/reactos?rev=65154&view=rev Log: [NEWDEV] - Fix buffer overflow in PopulateCustomPathCombo. Powered by DPH. - Fix a signed vs unsigned comparison Modified: trunk/reactos/dll/win32/newdev/wizard.c Modified: trunk/reactos/dll/win32/newdev/wizard.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/newdev/wizard.c?… ============================================================================== --- trunk/reactos/dll/win32/newdev/wizard.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/newdev/wizard.c [iso-8859-1] Fri Oct 31 17:35:38 2014 @@ -280,7 +280,9 @@ TRACE("RegQueryValueEx() failed with error 0x%lx\n", rc); goto cleanup; } - Buffer[dwPathLength] = Buffer[dwPathLength + 1] = '\0'; + + Buffer[dwPathLength / sizeof(WCHAR)] = UNICODE_NULL; + Buffer[dwPathLength / sizeof(WCHAR) + 1] = UNICODE_NULL; /* Populate combo box */ for (Path = Buffer; *Path; Path += wcslen(Path) + 1) @@ -305,7 +307,7 @@ LPWSTR Buffer = NULL; LPWSTR pBuffer; /* Pointer into Buffer */ int ItemsCount, Length; - DWORD i; + int i; DWORD TotalLength = 0; BOOL UseCustomPath = TRUE; HKEY hKey = NULL;