diff --git a/contrib/credential/wincred/git-credential-wincred.c b/contrib/credential/wincred/git-credential-wincred.c index 73c2b9b72ab53e..22eb27ca31dea0 100644 --- a/contrib/credential/wincred/git-credential-wincred.c +++ b/contrib/credential/wincred/git-credential-wincred.c @@ -121,10 +121,10 @@ static int match_part_last(LPCWSTR *ptarget, LPCWSTR want, LPCWSTR delim) static int match_cred_password(const CREDENTIALW *cred) { int ret; - WCHAR *cred_password = xmalloc(cred->CredentialBlobSize); - wcsncpy_s(cred_password, cred->CredentialBlobSize, - (LPCWSTR)cred->CredentialBlob, - cred->CredentialBlobSize / sizeof(WCHAR)); + size_t wlen = cred->CredentialBlobSize / sizeof(WCHAR); + WCHAR *cred_password = xmalloc((wlen + 1) * sizeof(WCHAR)); + wcsncpy_s(cred_password, wlen + 1, + (LPCWSTR)cred->CredentialBlob, wlen); ret = !wcscmp(cred_password, password); free(cred_password); return ret; @@ -208,8 +208,8 @@ static void store_credential(void) if (oauth_refresh_token) { wlen = _scwprintf(L"%s\r\noauth_refresh_token=%s", password, oauth_refresh_token); - secret = xmalloc(sizeof(WCHAR) * wlen); - _snwprintf_s(secret, sizeof(WCHAR) * wlen, wlen, L"%s\r\noauth_refresh_token=%s", password, oauth_refresh_token); + secret = xmalloc((wlen + 1) * sizeof(WCHAR)); + _snwprintf_s(secret, wlen + 1, wlen, L"%s\r\noauth_refresh_token=%s", password, oauth_refresh_token); } else { secret = _wcsdup(password); }