X-Git-Url: https://wimlib.net/git/?a=blobdiff_plain;f=src%2Fregistry.c;h=8dc702fdbf0a6af815a4dadb6847ce77c508fbee;hb=754936f4654fae549d0fb6586c1f4cfea7e732d9;hp=6b7f9815bce7a97b7385741934d83a3176e400a7;hpb=57fb030cb2f6744b65c8d0fea68df534728515f9;p=wimlib
diff --git a/src/registry.c b/src/registry.c
index 6b7f9815..8dc702fd 100644
--- a/src/registry.c
+++ b/src/registry.c
@@ -143,6 +143,7 @@ struct data_cell {
 /* Arbitrary limits for safety */
 #define MAX_VALUES 65536
+#define MAX_VALUE_SIZE 1048576
 #define MAX_SUBKEYS 65536
 #define MAX_SUBKEY_LIST_LEVELS 5
 #define MAX_SUBKEY_LISTS 4096
@@ -192,16 +193,16 @@ get_cell_pointer(const struct regf *regf, le32 offset, size_t wanted_size)
 u32 total = le32_to_cpu(regf->total_hbin_size);
 u32 offs = le32_to_cpu(offset);
 const struct cell *cell;
- s32 actual_size;
+ u32 actual_size;
 if ((offs > total) || (offs & 7) || (wanted_size > total - offs))
 return NULL;
 cell = (const struct cell *)®f->hbin_area[offs];
- actual_size = le32_to_cpu(cell->size);
- if (actual_size >= 0) /* Cell not in use? */
+ actual_size = -le32_to_cpu(cell->size);
+ if (actual_size > INT32_MAX) /* Cell unused, or size was INT32_MIN? */
 return NULL;
- if (wanted_size > -actual_size) /* Cell too small? */
+ if (wanted_size > actual_size) /* Cell too small? */
 return NULL;
 return cell;
 }
@@ -352,7 +353,7 @@ lookup_subkey_cb(const struct nk *sub_nk, void *_ctx)
 if (names_equal(ctx->key_name, ctx->key_name_nchars, sub_nk->name, le16_to_cpu(sub_nk->name_size),
- (sub_nk->flags & NK_COMPRESSED_NAME)))
+ (sub_nk->flags & NK_COMPRESSED_NAME) != 0))
 {
 ctx->result = sub_nk;
 return HIVE_ITERATION_STOPPED;
@@ -488,7 +489,7 @@ lookup_value(const struct regf *regf, const tchar *key_name,
 if (names_equal(value_uname, value_uname_nchars, vk->name, name_size,
- (vk->flags & VK_COMPRESSED_NAME)))
+ (vk->flags & VK_COMPRESSED_NAME) != 0))
 {
 *vk_ret = vk;
 status = HIVE_OK;
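Review bot: In get_cell_pointer, a cell whose size field is 0 now passes the "unused" test, because `-le32_to_cpu(cell->size)` yields 0 and `0 > INT32_MAX` is false, whereas the removed `actual_size >= 0` check rejected it. It is still rejected by `wanted_size > actual_size` whenever wanted_size is non-zero, so this only matters if some caller passes 0, which is not visible in this diff. Making the intent explicit costs one comparison: `if (actual_size == 0 || actual_size > INT32_MAX)`. Separately, `cell->size` is read after checking only `wanted_size > total - offs` (and `offs > total` admits `offs == total`), so that read is in bounds only if every caller's wanted_size covers the size field; a comment stating the precondition, e.g. `/* wanted_size must cover at least the cell's size field */`, would make that reliance visible.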
@@ -532,7 +533,7 @@ retrieve_value(const struct regf *regf, const tchar *key_name,
 is_inline = (data_size & 0x80000000);
 data_size &= 0x7FFFFFFF;
- if (data_size > 1048576) /* Arbitrary limit */
+ if (data_size > MAX_VALUE_SIZE)
 return HIVE_CORRUPT;
 if (is_inline) {
@@ -680,12 +681,11 @@ append_subkey_name(const struct nk *sub_nk, void *_next_subkey_p)
 subkey[i] = sub_nk->name[i];
 subkey[name_size] = '\0';
 } else {
- size_t dummy;
 enum hive_status status;
 status = translate_wimlib_error(
 utf16le_to_tstr((utf16lechar *)sub_nk->name,
- name_size, &subkey, &dummy));
+ name_size, &subkey, NULL));
 if (status != HIVE_OK)
 return status;
 }
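Review bot: In retrieve_value, a value above MAX_VALUE_SIZE is returned as HIVE_CORRUPT at `if (data_size > MAX_VALUE_SIZE)`, yet the constant sits under "Arbitrary limits for safety", so a well-formed hive holding a larger value is reported the same way as a damaged one. The commit also drops the `/* Arbitrary limit */` comment that explained this at the check. I would document it on the define, e.g. `#define MAX_VALUE_SIZE 1048576 /* bytes; safety cap, not a format limit */`, and keep a brief comment at the check. The function starts and continues outside the hunk, so how the inline branch bounds data_size is not visible here.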
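Review bot: In append_subkey_name, the cast `(utf16lechar *)sub_nk->name` discards the const that `const struct nk *sub_nk` carries; if utf16le_to_tstr takes a const input pointer (its prototype is not in this diff), `(const utf16lechar *)sub_nk->name` keeps the qualifier. The new `NULL` fourth argument relies on utf16le_to_tstr accepting a null out-length pointer, which should be confirmed against its definition, since a dereference there would crash on every non-compressed subkey name. name_size comes from the hive, and whether it was validated against the cell size happens outside this hunk.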