diff options
| author | midipix <writeonce@midipix.org> | 2024-01-23 06:07:47 +0000 |
|---|---|---|
| committer | midipix <writeonce@midipix.org> | 2024-01-23 06:07:47 +0000 |
| commit | 3f465430af19d730b3be87b97dbb306563dc990a (patch) | |
| tree | 8fc993f896d2bf1eba55bc9578adc3b24571bb09 | |
| parent | 0293b897e1da4aaa1953c0d4b61a2bfae03c3f0c (diff) | |
| download | ntapi-3f465430af19d730b3be87b97dbb306563dc990a.tar.bz2 ntapi-3f465430af19d730b3be87b97dbb306563dc990a.tar.xz | |
__ntapi_tt_array_convert_utf8_to_utf16(): outer loop: boundary checking.
| -rw-r--r-- | src/argv/ntapi_tt_array_utf8.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/argv/ntapi_tt_array_utf8.c b/src/argv/ntapi_tt_array_utf8.c index ed8dd9a..e19ad43 100644 --- a/src/argv/ntapi_tt_array_utf8.c +++ b/src/argv/ntapi_tt_array_utf8.c @@ -307,7 +307,7 @@ int32_t __stdcall __ntapi_tt_array_convert_utf8_to_utf16( ubound--; ubound--; - for (; arrv && *arrv; arrv++,warrv++) { + for (; arrv && *arrv && (wch<ubound); arrv++,warrv++) { *warrv = wch - wdiff; ch = *arrv + diff; @@ -385,6 +385,9 @@ int32_t __stdcall __ntapi_tt_array_convert_utf8_to_utf16( *wch++ = 0; } + if (wch == ubound) + return NT_STATUS_BUFFER_TOO_SMALL; + *wch++ = 0; *warrv = 0; *bytes_written = sizeof(wchar16_t) * (wch - buffer); |