"Maarten Lankhorst" <[EMAIL PROTECTED]> writes:
> @@ -1970,7 +1970,7 @@ NTSTATUS WINAPI RtlIntegerToUnicodeString(
> } while (value != 0L);
>
> str->Length = (&buffer[32] - pos) * sizeof(WCHAR);
> - if (str->Length >= str->MaximumLength) {
> + if (str->Length + sizeof(WCHAR) >= str->MaximumLength) {
> return STATUS_BUFFER_OVERFLOW;
> } else {
> memcpy(str->Buffer, pos, str->Length + sizeof(WCHAR));
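
Review bot: the new comparison on the `+` line uses `>=`, so a buffer where `str->Length + sizeof(WCHAR)` is exactly equal to `str->MaximumLength` is now rejected with STATUS_BUFFER_OVERFLOW, even though the memcpy below copies exactly `str->Length + sizeof(WCHAR)` bytes and would fit. If the goal is to bound that memcpy, `>` is the matching comparison; if the stricter limit is intentional, a short comment stating why would help the next reader.
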
There's no overflow here. The Windows implementation of
RtlIntegerToUnicodeString seems badly confused but I don't think
we need to replicate those bugs.
--
Alexandre Julliard
[EMAIL PROTECTED]