[tfaber] 63096: [USP10] - Fix buffer overflow in _ItemizeInternal CORE-8133 #resolve - Ros-diffs

1 May 2014

Author: tfaber
Date: Thu May  1 19:44:30 2014
New Revision: 63096
URL: http://svn.reactos.org/svn/reactos?rev=63096&view=rev
Log:
[USP10]
- Fix buffer overflow in _ItemizeInternal
CORE-8133 #resolve
Modified:
    trunk/reactos/dll/win32/usp10/usp10.c
Modified: trunk/reactos/dll/win32/usp10/usp10.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/usp10/usp10.c?rev...
==============================================================================

--- trunk/reactos/dll/win32/usp10/usp10.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/win32/usp10/usp10.c	[iso-8859-1] Thu May  1 19:44:30 2014
@@ -1605,12 +1605,12 @@
      * item is set up to prevent random behaviour if the caller erroneously
      * checks the n+1 structure                                              */
     index++;
+    if (index + 1 > cMaxItems) return E_OUTOFMEMORY;
     memset(&pItems[index].a, 0, sizeof(SCRIPT_ANALYSIS));
TRACE("index=%d cnt=%d iCharPos=%d\n", index, cnt, pItems[index].iCharPos);
/*  Set one SCRIPT_STATE item being returned  */
-    if  (index + 1 > cMaxItems) return E_OUTOFMEMORY;
     if (pcItems) *pcItems = index;
/*  Set SCRIPT_ITEM                                     */

    