In wc_to_utf8() in windows.c, the zero terminator is written to an invalid
array index, which results in 2 bytes being zeroed in a random place in the
stack. This sometimes causes a crash when running sp_list_ports() (depending
on string length and compiler optimisation settings).

sizeof(wc_str) returns the size in bytes, so cannot be used directly as an
index into that array; it should be divided by sizeof(WCHAR). Otherwise the
zero terminator index is approximately twice what it should be.

This fixes bug #1031.
static char *wc_to_utf8(PWCHAR wc_buffer, ULONG size)
{
- WCHAR wc_str[(size / sizeof(WCHAR)) + 1];
+ ULONG wc_length = size / sizeof(WCHAR);
+ WCHAR wc_str[wc_length + 1];
char *utf8_str;
/* Zero-terminate the wide char string. */
memcpy(wc_str, wc_buffer, size);
- wc_str[sizeof(wc_str) - 1] = 0;
+ wc_str[wc_length] = 0;
/* Compute the size of the UTF-8 converted string. */
if (!(size = WideCharToMultiByte(CP_ACP, WC_NO_BEST_FIT_CHARS, wc_str, -1,
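Review bot: wc_str in wc_to_utf8() is still a variable-length array sized from the caller-supplied size (WCHAR wc_str[wc_length + 1];), and nothing in this hunk bounds size before the declaration or the memcpy, so an unexpectedly large value overruns the stack instead of failing cleanly. Consider rejecting size above a fixed maximum at the top of the function, or allocating the temporary buffer on the heap and returning NULL if the allocation fails. Separately, the context line passes CP_ACP to WideCharToMultiByte in a function named wc_to_utf8 and under a comment that says UTF-8; CP_ACP selects the system ANSI code page, so if UTF-8 output is intended that deserves a follow-up change.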