From: Gabriel Ivăncescu
Subject: [PATCH v2 2/2] user32/listbox: Fix InitStorage heap extension
Message-Id: <3665a300d74c7cad82e7b6f901a3802e55bfeffb.1537371484.git.gabrielopcode@gmail.com>
Date: Wed, 19 Sep 2018 18:38:28 +0300
In-Reply-To: <4e2c3fd98299b988e619e52f221223d69ecc74f4.1537371484.git.gabrielopcode@gmail.com>
References: <4e2c3fd98299b988e619e52f221223d69ecc74f4.1537371484.git.gabrielopcode@gmail.com>
Signed-off-by: Gabriel Ivăncescu
---
v2: Assume LB_ARRAY_GRANULARITY is a power of 2 and note it in the comments.
dlls/user32/listbox.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/dlls/user32/listbox.c b/dlls/user32/listbox.c
index c8bd148..af325d2 100644
--- a/dlls/user32/listbox.c
+++ b/dlls/user32/listbox.c
@@ -36,7 +36,7 @@ WINE_DEFAULT_DEBUG_CHANNEL(listbox);
-/* Items array granularity */
+/* Items array granularity; must be a power of 2 */
 #define LB_ARRAY_GRANULARITY 16
 /* Scrolling timeout in ms */
@@ -698,16 +698,18 @@ static LRESULT LISTBOX_InitStorage( LB_DESCR *descr, INT nb_items )
 {
 LB_ITEMDATA *item;
- nb_items += LB_ARRAY_GRANULARITY - 1;
- nb_items -= (nb_items % LB_ARRAY_GRANULARITY);
 if (descr->items) {
- nb_items += HeapSize( GetProcessHeap(), 0, descr->items ) / sizeof(*item);
- item = HeapReAlloc( GetProcessHeap(), 0, descr->items,
- nb_items * sizeof(LB_ITEMDATA));
+ nb_items += descr->nb_items;
+ if (nb_items > HeapSize(GetProcessHeap(), 0, descr->items) / sizeof(*item))
+ {
+ UINT n = (nb_items + LB_ARRAY_GRANULARITY - 1) & ~(LB_ARRAY_GRANULARITY - 1);
+ item = HeapReAlloc(GetProcessHeap(), 0, descr->items, n * sizeof(*item));
+ }
+ else return LB_OKAY;
 }
 else {
- item = HeapAlloc( GetProcessHeap(), 0,
- nb_items * sizeof(LB_ITEMDATA));
+ UINT n = (nb_items + LB_ARRAY_GRANULARITY - 1) & ~(LB_ARRAY_GRANULARITY - 1);
+ item = HeapAlloc(GetProcessHeap(), 0, n * sizeof(*item));
 }
 if (!item)
--
1.9.1
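Review bot: `nb_items` is a signed INT and nothing in the new body of LISTBOX_InitStorage rejects a negative or very large count before `nb_items += descr->nb_items` and the rounding into `UINT n`. A negative sum is converted to a huge unsigned value in the comparison with `HeapSize(...) / sizeof(*item)`, so the HeapReAlloc branch is taken, and `n` can then round to fewer entries than are currently stored (a sum of -1 gives `n == 0`); where SIZE_T is 32 bits, `n * sizeof(*item)` can also wrap, and either case leaves `descr->items` smaller than the code assumes. Unless the caller, which is not visible here, already validates the count, a guard at the top such as `if (nb_items < 0 || (SIZE_T)nb_items + descr->nb_items > INT_MAX / sizeof(*item)) return LB_ERRSPACE;` would cover both cases (this assumes `descr->nb_items` is a non-negative INT). The function body continues past the end of the hunk, so what is done with `item` after `if (!item)` cannot be checked from here.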