[jgardou] 53160: [SETUPAPI] - fix confusion on buffer size between string length and number of bytes. Might fix some infamous heap corruption bug during install. Please test.
Author: jgardou Date: Wed Aug 10 01:31:35 2011 New Revision: 53160
URL: http://svn.reactos.org/svn/reactos?rev=53160&view=rev Log: [SETUPAPI] - fix confusion on buffer size between string length and number of bytes. Might fix some infamous heap corruption bug during install. Please test.
Modified: trunk/reactos/dll/win32/setupapi/driver.c
Modified: trunk/reactos/dll/win32/setupapi/driver.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/setupapi/driver.c... ============================================================================== --- trunk/reactos/dll/win32/setupapi/driver.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/setupapi/driver.c [iso-8859-1] Wed Aug 10 01:31:35 2011 @@ -681,9 +681,9 @@ if (dwType == REG_EXPAND_SZ) { cbData = ExpandEnvironmentStringsW(pvBuf, pvData, - pcbData ? *pcbData : 0); + pcbData ? (*pcbData)/sizeof(WCHAR) : 0); dwType = REG_SZ; - if(pcbData && cbData > *pcbData) + if(pcbData && cbData > ((*pcbData)/sizeof(WCHAR))) ret = ERROR_MORE_DATA; } else if (pcbData) @@ -814,7 +814,7 @@ KEY_QUERY_VALUE); if (hDriverKey == INVALID_HANDLE_VALUE) goto done; - RequiredSize = len - strlenW(InfFileName); + RequiredSize = (len - strlenW(InfFileName)) * sizeof(WCHAR); rc = RegGetValueW( hDriverKey, NULL,
-
jgardou@svn.reactos.org