From d00fef689fd640a911e312e892c71d38ab8e1981 Mon Sep 17 00:00:00 2001
From: Steffen Olszewski <sodev@trac.wxwidgets.org>
Date: Sat, 30 Jan 2016 00:45:40 +0100
Subject: [PATCH] Guard against invalid string values of length 1 in wxRegKey

It is not really clear if it can happen, but avoid integer underflow in case
it somehow does and just discard the single byte which can't represent a valid
UTF-16 character anyhow.

See #16719.
---
 src/msw/registry.cpp | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/msw/registry.cpp b/src/msw/registry.cpp
index 707e343399..ff57e5ab3b 100644
--- a/src/msw/registry.cpp
+++ b/src/msw/registry.cpp
@@ -1023,7 +1023,9 @@ bool wxRegKey::QueryValue(const wxString& szValue,
                 return false;
             }
 
-            if ( !dwSize )
+            // We need length in characters, not bytes.
+            DWORD chars = dwSize / sizeof(wxChar);
+            if ( !chars )
             {
                 // must treat this case specially as GetWriteBuf() doesn't like
                 // being called with 0 size
@@ -1033,9 +1035,6 @@ bool wxRegKey::QueryValue(const wxString& szValue,
             {
                 // extra scope for wxStringBufferLength
                 {
-                    // We need length in characters, not bytes.
-                    DWORD chars = dwSize / sizeof(wxChar);
-
                     wxStringBufferLength strBuf(strValue, chars);
                     m_dwLastError = RegQueryValueEx((HKEY) m_hKey,
                                                     RegValueStr(szValue),