What are we doing to prevent integer overflow on these allocations? Shouldn't we, perhaps, use some wrapper that checks that "cbFilter*sizeof(WCHAR)" is not greater than "MAXINT"?

Changelog: Fixed use of uninitialized memory and wrong buffer size (found by valgrind).
Michael
------------------------------------------------------------------------
--- dlls/avifil32/api.c.SAV 2003-09-20 16:14:45.000000000 +0200 +++ dlls/avifil32/api.c 2003-09-20 14:46:10.000000000 +0200 @@ -1009,7 +1009,7 @@ szFilter[0] = 0; szFilter[1] = 0;
- wszFilter = (LPWSTR)GlobalAllocPtr(GHND, cbFilter);
+ wszFilter = (LPWSTR)GlobalAllocPtr(GHND, cbFilter * sizeof(WCHAR));
if (wszFilter == NULL)
return AVIERR_MEMORY;
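Review bot: the product `cbFilter * sizeof(WCHAR)` on the `+` line is computed without an overflow check, so a cbFilter large enough to wrap the multiplication hands GlobalAllocPtr a size far smaller than the cbFilter characters the rest of the code treats the buffer as holding; guard the multiplication before the call, e.g. `if (cbFilter > SIZE_MAX / sizeof(WCHAR)) return AVIERR_MEMORY;` (or whatever parameter-validation error this function normally returns), and if cbFilter is a signed type, reject negative values in the same check, since a negative count passes both the old and the new line.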
Shachar
--
Shachar Shemesh
Open Source integration consultant
Home page & resume - http://www.shemesh.biz/
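The check the reply asks for, as an added example that is not code from the patch or from Wine: the byte size for a buffer of cbFilter WCHARs is refused when the product cannot be represented, instead of silently wrapping. WCHAR is modelled here as a 16-bit type and the function names (alloc_size_wchar, unchecked_size_wchar, alloc_wchar_buffer) are assumptions for this example.

```c
/* Added example, not part of the patch or of Wine. Models the
 * "cbFilter * sizeof(WCHAR)" allocation size with and without an
 * overflow check. Function names here are assumptions for the example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef uint16_t WCHAR; /* stand-in for the Win32 16-bit WCHAR */

/* What the unchecked expression in the patch computes: the product is
 * taken modulo SIZE_MAX + 1, so a large count yields a tiny size. */
size_t unchecked_size_wchar(size_t count)
{
    return count * sizeof(WCHAR);
}

/* Overflow-safe variant: return 1 and store count * sizeof(WCHAR) in
 * *bytes when it fits in size_t; return 0 and leave *bytes untouched
 * when the multiplication would wrap. */
int alloc_size_wchar(size_t count, size_t *bytes)
{
    if (count > SIZE_MAX / sizeof(WCHAR))
        return 0;                      /* would overflow: refuse */
    *bytes = count * sizeof(WCHAR);
    return 1;
}

/* Allocate a zero-filled WCHAR buffer only when the size is representable;
 * NULL mirrors the AVIERR_MEMORY failure path in the patch. */
WCHAR *alloc_wchar_buffer(size_t count)
{
    size_t bytes;
    if (!alloc_size_wchar(count, &bytes))
        return NULL;
    return (WCHAR *)calloc(1, bytes);
}

int main(void)
{
    /* Constructed input: one more WCHAR than SIZE_MAX can hold. */
    size_t huge = SIZE_MAX / sizeof(WCHAR) + 1;
    size_t bytes = 0;
    printf("unchecked: %zu WCHARs -> %zu bytes (wrapped)\n",
           huge, unchecked_size_wchar(huge));
    printf("checked:   %s\n",
           alloc_size_wchar(huge, &bytes) ? "accepted" : "rejected");
    WCHAR *buf = alloc_wchar_buffer(16); /* small, valid request */
    free(buf);
    return 0;
}
```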