From: John Chen
Date: Fri, 13 Nov 2015 18:32:15 +0000 (-0800)
Subject: Fix buffer overrun in SetMscorlibPath
X-Git-Tag: accepted/tizen/base/20180629.140029~6164^2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=b09cec2250056413b2c142181432e46523043d0d;p=platform%2Fupstream%2Fcoreclr.git
Fix buffer overrun in SetMscorlibPath
---
diff --git a/src/dlls/mscoree/mscoree.cpp b/src/dlls/mscoree/mscoree.cpp
index 6a1af6d..4a581ad 100644
--- a/src/dlls/mscoree/mscoree.cpp
+++ b/src/dlls/mscoree/mscoree.cpp
@@ -1267,10 +1267,12 @@ HRESULT SetInternalSystemDirectory()
 void SetMscorlibPath(LPCWSTR wzSystemDirectory)
 {
 DWORD len = (DWORD)wcslen(wzSystemDirectory);
- if (g_dwSystemDirectory < len+1)
+ bool appendSeparator = wzSystemDirectory[len-1] != DIRECTORY_SEPARATOR_CHAR_W;
+ DWORD lenAlloc = appendSeparator ? len+2 : len+1;
+ if (g_dwSystemDirectory < lenAlloc)
 {
 delete [] g_pSystemDirectory;
- g_pSystemDirectory = new (nothrow) WCHAR[len+1];
+ g_pSystemDirectory = new (nothrow) WCHAR[lenAlloc];
 if (g_pSystemDirectory == NULL)
 {
@@ -1281,9 +1283,9 @@ void SetMscorlibPath(LPCWSTR wzSystemDirectory)
 wcscpy_s(g_pSystemDirectory, len+1, wzSystemDirectory);
- if(g_pSystemDirectory[len-1] != '\\')
+ if(appendSeparator)
 {
- g_pSystemDirectory[len] = W('\\');
+ g_pSystemDirectory[len] = DIRECTORY_SEPARATOR_CHAR_W;
 g_pSystemDirectory[len+1] = W('\0');
 g_dwSystemDirectory = len + 1;
 }
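Review bot: The added `wzSystemDirectory[len-1]` read in the first hunk happens before any check that `len` is non-zero, so an empty string makes the `DWORD` expression `len-1` wrap and the index land far outside the input. The removed code had the same shape on `g_pSystemDirectory[len-1]`, so this is inherited rather than new, but the line is being rewritten anyway and could carry the guard: `bool appendSeparator = len > 0 && wzSystemDirectory[len-1] != DIRECTORY_SEPARATOR_CHAR_W;`, or an early return if an empty directory is not a valid input. The allocation-failure branch is cut off between the two hunks; if it leaves `g_dwSystemDirectory` at its old value while `g_pSystemDirectory` is NULL, a later call with a shorter path would skip the allocation and reach `wcscpy_s` with a NULL destination, so it is worth confirming that branch resets the length to 0.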
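Review bot: In the second hunk `g_dwSystemDirectory = len + 1` stores the string length, yet the first hunk compares that same variable against `lenAlloc`, which is an element count including the terminator; the reuse path is only safe because a stored length is always smaller than the buffer that holds it, and nothing on the page says so. A comment at the assignment would keep a later edit from breaking that assumption, for example `// g_dwSystemDirectory is the length in WCHARs without the terminator, not the capacity; the buffer always holds at least g_dwSystemDirectory + 1 elements`. The unchanged `wcscpy_s(g_pSystemDirectory, len+1, ...)` call likewise passes the minimum needed size rather than the real capacity, which is correct but gives no protection to the two raw index writes that follow it. The `else` branch of this `if` lies outside the hunk.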