'Re: oleaut32: Handle xbuf_get erroring out in deserialize_param (and avoid uninitialized read).'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       wine-devel
Subject:    Re: oleaut32: Handle xbuf_get erroring out in deserialize_param (and avoid uninitialized read).
From:       Dmitry Timoshkov <dmitry () baikal ! ru>
Date:       2016-09-20 7:29:12
Message-ID: 20160920152912.a59fc1a9.dmitry () baikal ! ru
[Download RAW message or body]

Gerald Pfeifer <gerald@pfeifer.com> wrote:

> --- a/dlls/oleaut32/tmarshal.c
> +++ b/dlls/oleaut32/tmarshal.c
> @@ -1078,7 +1078,10 @@ deserialize_param(
>  	    if (readit) {
>  		DWORD x;
>  		hres = xbuf_get(buf,(LPBYTE)&x,sizeof(DWORD));
> -		if (hres) ERR("Failed to read integer 4 byte\n");
> +		if (hres) {
> +		    ERR("Failed to read integer 4 byte\n");
> +		    x = 0;
> +		}
>  		memcpy(arg,&x,2);
>  	    }
>  	    if (debugout) TRACE_(olerelay)("%04x",*arg & 0xffff);
> @@ -1088,7 +1091,10 @@ deserialize_param(
>  	    if (readit) {
>  		DWORD x;
>  		hres = xbuf_get(buf,(LPBYTE)&x,sizeof(DWORD));
> -		if (hres) ERR("Failed to read integer 4 byte\n");
> +		if (hres) {
> +		    ERR("Failed to read integer 4 byte\n");
> +		    x = 0;
> +		}
>  		memcpy(arg,&x,1);

A proper fix would be to avoid a memcpy() if xbuf_get() fails instead
of creating bogus input data.

-- 
Dmitry.

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic