[prev in list] [next in list] [prev in thread] [next in thread]
List: wine-devel
Subject: Re: oleaut32: Handle xbuf_get erroring out in deserialize_param (and avoid uninitialized read).
From: Dmitry Timoshkov <dmitry () baikal ! ru>
Date: 2016-09-20 7:29:12
Message-ID: 20160920152912.a59fc1a9.dmitry () baikal ! ru
[Download RAW message or body]
Gerald Pfeifer <gerald@pfeifer.com> wrote:
> --- a/dlls/oleaut32/tmarshal.c
> +++ b/dlls/oleaut32/tmarshal.c
> @@ -1078,7 +1078,10 @@ deserialize_param(
> if (readit) {
> DWORD x;
> hres = xbuf_get(buf,(LPBYTE)&x,sizeof(DWORD));
> - if (hres) ERR("Failed to read integer 4 byte\n");
> + if (hres) {
> + ERR("Failed to read integer 4 byte\n");
> + x = 0;
> + }
> memcpy(arg,&x,2);
> }
> if (debugout) TRACE_(olerelay)("%04x",*arg & 0xffff);
> @@ -1088,7 +1091,10 @@ deserialize_param(
> if (readit) {
> DWORD x;
> hres = xbuf_get(buf,(LPBYTE)&x,sizeof(DWORD));
> - if (hres) ERR("Failed to read integer 4 byte\n");
> + if (hres) {
> + ERR("Failed to read integer 4 byte\n");
> + x = 0;
> + }
> memcpy(arg,&x,1);
A proper fix would be to avoid a memcpy() if xbuf_get() fails instead
of creating bogus input data.
--
Dmitry.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic