From 77e0aae7f3acae3f87ae38264b2edcbe3e227d6c Mon Sep 17 00:00:00 2001 From: Alistair Leslie-Hughes Date: Thu, 1 Jun 2023 17:51:00 +1000 Subject: [PATCH] krnl386.exe16: Don't overflow when calculating size. The application again the bug, passed 1 as the elem parameter which doubled the memory being allocated. When it overflowed (became negative), the value was passed into GlobalAlloc16 which then failed. GlobalAlloc16 takes a DWORD parameter, so the value isn't going to be truncated. Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=53092 Original patch by github user cracyc for winevdm. --- dlls/krnl386.exe16/ne_segment.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dlls/krnl386.exe16/ne_segment.c b/dlls/krnl386.exe16/ne_segment.c index 3eb8bae2ff3..e455b118e23 100644 --- a/dlls/krnl386.exe16/ne_segment.c +++ b/dlls/krnl386.exe16/ne_segment.c @@ -945,7 +945,7 @@ static WORD NE_Ne2MemFlags(WORD flags) */ DWORD WINAPI MyAlloc16( WORD wFlags, WORD wSize, WORD wElem ) { - WORD size = wSize << wElem; + DWORD size = wSize << wElem; HANDLE16 hMem = 0; if (wSize || (wFlags & NE_SEGFLAGS_MOVEABLE))