[jgardou] 53160: [SETUPAPI] - fix confusion on buffer size between string length and number of bytes. Might fix some infamous heap corruption bug during install. Please test. - Ros-diffs

10 Aug 2011

Author: jgardou
Date: Wed Aug 10 01:31:35 2011
New Revision: 53160

URL: http://svn.reactos.org/svn/reactos?rev=53160&view=rev
Log:
[SETUPAPI]
- fix confusion on buffer size between string length and number of bytes.
Might fix some infamous heap corruption bug during install. Please test.

Modified:
    trunk/reactos/dll/win32/setupapi/driver.c

Modified: trunk/reactos/dll/win32/setupapi/driver.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/setupapi/driver.…
==============================================================================

--- trunk/reactos/dll/win32/setupapi/driver.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/setupapi/driver.c [iso-8859-1] Wed Aug 10 01:31:35 2011
@@ -681,9 +681,9 @@
             if (dwType == REG_EXPAND_SZ)
             {
                 cbData = ExpandEnvironmentStringsW(pvBuf, pvData,
-                                                   pcbData ? *pcbData : 0);
+                                                   pcbData ? (*pcbData)/sizeof(WCHAR) :
0);
                 dwType = REG_SZ;
-                if(pcbData && cbData > *pcbData)
+                if(pcbData && cbData > ((*pcbData)/sizeof(WCHAR)))
                     ret = ERROR_MORE_DATA;
             }
             else if (pcbData)
@@ -814,7 +814,7 @@
                 KEY_QUERY_VALUE);
             if (hDriverKey == INVALID_HANDLE_VALUE)
                 goto done;
-            RequiredSize = len - strlenW(InfFileName);
+            RequiredSize = (len - strlenW(InfFileName)) * sizeof(WCHAR);
             rc = RegGetValueW(
                 hDriverKey,
                 NULL,



    