From 765d2457587f96c019f18ad0436cbb5038114623 Mon Sep 17 00:00:00 2001
From: anders_k <anders_k@212acab6-be3b-0410-9dea-997c60f758d6>
Date: Sun, 21 Aug 2016 12:00:00 +0000
Subject: [PATCH] Fixed possible buffer overflow bug in unused
 WinWStrDupFromChar function (Patch #271)

git-svn-id: https://svn.code.sf.net/p/nsis/code/NSIS/trunk@6781 212acab6-be3b-0410-9dea-997c60f758d6
---
 Docs/src/history.but | 10 ++++++++++
 Source/winchar.cpp   |  2 +-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/Docs/src/history.but b/Docs/src/history.but
index efde64be..96904045 100644
--- a/Docs/src/history.but
+++ b/Docs/src/history.but
@@ -1,5 +1,15 @@
 \A{history} Changelog and Release Notes
 
+\H{v3.01} 3.01
+
+Released on ? ?th, 201?
+
+\S1{v3.01-cl} Changelog
+
+\S2{} Minor Changes
+
+\b Fixed buffer size bug in winchar.cpp (\W{http://sf.net/p/nsis/patches/271}{patch #271})
+
 \H{v3.0} 3.0
 
 Released on July 24th, 2016
diff --git a/Source/winchar.cpp b/Source/winchar.cpp
index 0e11c6f3..57013284 100644
--- a/Source/winchar.cpp
+++ b/Source/winchar.cpp
@@ -46,7 +46,7 @@ int WinWStrNICmpASCII(const WINWCHAR *a, const char *b, size_t n)
 WINWCHAR* WinWStrDupFromChar(const char *s, unsigned int cp)
 {
   int cch = MultiByteToWideChar(cp, 0, s, -1, 0, 0);
-  wchar_t *p = (wchar_t*) malloc(cch);
+  wchar_t *p = (wchar_t*) malloc(cch * sizeof(wchar_t));
   if (p)
   {
     MultiByteToWideChar(cp, 0, s, -1, p, cch);