1998.04.07 10:18 "Bug in V3.4 for WinNT", by Christof Krug

1998.04.07 11:48 "Re: Bug in V3.4 for WinNT", by Soren Pingel Dalsgaard

tdata_t
_TIFFrealloc(tdata_t p, tsize_t s)
{
        void* pvTmp;
        if ((pvTmp = GlobalReAlloc(p, s, 0)) == NULL) {
                if ((pvTmp = GlobalAlloc(GMEM_FIXED, s)) != NULL) {
                        /* copies the whole old block, even when s is smaller */
                        CopyMemory(pvTmp, p, GlobalSize(p));
                        GlobalFree(p);
                }
        }
        return ((tdata_t)pvTmp);
}

Otherwise this function must fail if the new memory block is larger than the old one and we copy the size of the new block from the old block into the new block.

Should it not be "MIN(s, GlobalSize(p))" then? That way you copy all the data from the original memory block that will fit in the new one. That way you prevent reading beyond the limit of the source and writing beyond the limit of the destination!

Cheers,
  Soren Pingel Dalsgaard

-- 
Soren Pingel Dalsgaard, Computer Science Department  )\._..--....,---,
Aarhus University, Ny Munkegade 116, DK-8000 Aarhus /,   _.. \   _.. ,`._ ,.
DENMARK, email:pingel@daimi.aau.dk, ph:+45 86741906`._.-(___.'..(___.'`-.;.'
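A portable model of the fallback branch with the MIN(s, GlobalSize(p)) copy length the reply asks for, added here as an example; it is not code from the thread or from libtiff. The blk_* helpers are an assumption standing in for GlobalAlloc/GlobalSize/GlobalFree and record each block's size in a header so the size query works.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Assumed stand-in for Win32 GlobalAlloc/GlobalSize/GlobalFree: each block
 * carries a header with its size so blk_size() can answer like GlobalSize(). */
typedef struct { size_t size; } blk_hdr;

static void *blk_alloc(size_t s)
{
    blk_hdr *h = malloc(sizeof *h + s);
    if (h == NULL) return NULL;
    h->size = s;
    return h + 1;
}
static size_t blk_size(void *p) { return ((blk_hdr *)p - 1)->size; }
static void blk_free(void *p) { free((blk_hdr *)p - 1); }

/* Number of bytes that may safely be copied: MIN(new size, old size).
 * Copying the old size unconditionally overruns the new block on a shrink. */
size_t tiff_copy_len(size_t old_size, size_t new_size)
{
    return old_size < new_size ? old_size : new_size;
}

/* Corrected fallback branch of _TIFFrealloc: allocate, copy only what fits,
 * release the old block. On allocation failure return NULL and keep p intact. */
void *tiff_realloc_fallback(void *p, size_t s)
{
    void *q = blk_alloc(s);
    if (q == NULL) return NULL;
    memcpy(q, p, tiff_copy_len(blk_size(p), s));
    blk_free(p);
    return q;
}

/* Grow 4 -> 8 then shrink 8 -> 2 on constructed data; returns 1 on success. */
int demo_realloc(void)
{
    unsigned char *p = blk_alloc(4);
    if (!p) return 0;
    memcpy(p, "ABCD", 4);
    p = tiff_realloc_fallback(p, 8);        /* grow: all 4 bytes survive */
    if (!p || blk_size(p) != 8 || memcmp(p, "ABCD", 4) != 0) return 0;
    p = tiff_realloc_fallback(p, 2);        /* shrink: only 2 bytes copied */
    if (!p || blk_size(p) != 2 || memcmp(p, "AB", 2) != 0) return 0;
    blk_free(p);
    return 1;
}
```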