3f4654
__ntapi_tt_array_convert_utf8_to_utf16(): outer loop: boundary checking.
@@ -307,7 +307,7 @@ int32_t __stdcall __ntapi_tt_array_convert_utf8_to_utf16(
|
|
307
307
|
ubound--;
|
308
308
|
ubound--;
|
309
309
|
|
310
|
-
for (; arrv && *arrv
|
310
|
+
for (; arrv && *arrv && (wch<ubound); arrv++,warrv++) {
|
311
311
|
*warrv = wch - wdiff;
|
312
312
|
ch = *arrv + diff;
|
313
313
|
|
@@ -385,6 +385,9 @@ int32_t __stdcall __ntapi_tt_array_convert_utf8_to_utf16(
|
|
385
385
|
*wch++ = 0;
|
386
386
|
}
|
387
387
|
|
388
|
+
if (wch == ubound)
|
389
|
+
return NT_STATUS_BUFFER_TOO_SMALL;
|
390
|
+
|
388
391
|
*wch++ = 0;
|
389
392
|
*warrv = 0;
|
390
393
|
*bytes_written = sizeof(wchar16_t) * (wch - buffer);
|