Changeset 3047 for pjproject/trunk/pjlib/src/pj/unicode_win32.c

Timestamp:

Jan 6, 2010 2:35:13 PM (14 years ago)

Author:

bennylp

Message:

Ticket #1012: Potential buffer overflow in Unicode string conversion (thanks Orville Pike for the report)

File:

• pjproject/trunk/pjlib/src/pj/unicode_win32.c (modified) (2 diffs)

pjproject/trunk/pjlib/src/pj/unicode_win32.c

@@ -31 +31 @@
     len = MultiByteToWideChar(CP_ACP, 0, s, len, 
                               buf, buf_count);
-    buf[len] = 0;
+    if (buf_count) {
+        if (len < buf_count)
+            buf[len] = 0;
+        else
+            buf[len-1] = 0;
+    }
+
     return buf;
 }
@@ -42 +48 @@
 
     len = WideCharToMultiByte(CP_ACP, 0, wstr, len, buf, buf_size, NULL, NULL);
-    buf[len] = '\0';
+    if (buf_size) {
+        if (len < buf_size)
+            buf[len] = '\0';
+        else
+            buf[len-1] = '\0';
+    }
+
     return buf;
 }