[cgutman] 57235: [WININET] - Merge fix for buffer overrun causing rapps to crash - http://www.winehq.org/pipermail/wine-patches/2012-July/115909.html
4 Sep
2012
4 Sep
'12
5:05 a.m.
Author: cgutman
Date: Tue Sep 4 05:05:57 2012
New Revision: 57235
URL: http://svn.reactos.org/svn/reactos?rev=57235&view=rev
Log:
[WININET]
- Merge fix for buffer overrun causing rapps to crash
- http://www.winehq.org/pipermail/wine-patches/2012-July/115909.html
Modified:
trunk/reactos/dll/win32/wininet/http.c
Modified: trunk/reactos/dll/win32/wininet/http.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/wininet/http.c?r…
==============================================================================
--- trunk/reactos/dll/win32/wininet/http.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/wininet/http.c [iso-8859-1] Tue Sep 4 05:05:57 2012
@@ -2317,7 +2317,7 @@
/* fetch some more data into the read buffer (the read section must be held) */
static DWORD refill_read_buffer(http_request_t *req, read_mode_t read_mode, DWORD
*read_bytes)
{
- DWORD res, read=0;
+ DWORD res, read=0, want;
if(req->read_size == sizeof(req->read_buf))
return ERROR_SUCCESS;
@@ -2328,8 +2328,10 @@
req->read_pos = 0;
}
+ want = sizeof(req->read_buf) - req->read_size;
res = req->data_stream->vtbl->read(req->data_stream, req,
req->read_buf+req->read_size,
- sizeof(req->read_buf)-req->read_size, &read, read_mode);
+ want, &read, read_mode);
+ assert(read <= want);
req->read_size += read;
TRACE("read %u bytes, read_size %u\n", read, req->read_size);
@@ -2370,8 +2372,11 @@
size = min(size, netconn_stream->content_length-netconn_stream->content_read);
- if(read_mode == READMODE_NOBLOCK)
- size = min(size, netconn_get_avail_data(stream, req));
+ if(read_mode == READMODE_NOBLOCK) {
+ DWORD avail = netconn_get_avail_data(stream, req);
+ if (size > avail)
+ size = avail;
+ }
if(size && req->netconn) {
if(NETCON_recv(req->netconn, buf, size, read_mode == READMODE_SYNC ?
MSG_WAITALL : 0, &len) != ERROR_SUCCESS)
4449
days inactive
4449
days old
0 comments
1 participants
participants (1)
-
cgutman@svn.reactos.org