[Bug 49279] New: Possible array out of bounds in mci.c
https://bugs.winehq.org/show_bug.cgi?id=49279 Bug ID: 49279 Summary: Possible array out of bounds in mci.c Product: Wine Version: 5.9 Hardware: x86 OS: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: winmm&mci Assignee: wine-bugs(a)winehq.org Reporter: mikrutrafal54(a)gmail.com Distribution: --- Trace can use invalid memory, because index are checked after use. ``` TRACE("Dumping cmdTbl=%d [lpTable=%p devType=%d]\n", uTbl, S_MciCmdTable[uTbl].lpTable, S_MciCmdTable[uTbl].uDevType); if (uTbl >= MAX_MCICMDTABLE || !S_MciCmdTable[uTbl].lpTable) return FALSE; ``` https://github.com/wine-mirror/wine/blob/6d801377055911d914226a3c6af8d8637a6... -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=49279 Sagawa <sagawa.aki+winebugs(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |sagawa.aki+winebugs(a)gmail.c | |om --- Comment #1 from Sagawa <sagawa.aki+winebugs(a)gmail.com> ---
From my point of view, 'uTbl >= MAX_MCICMDTABLE' is redundant.
The function's uTbl argument originated from MCI_DumpCommandTable()'s argument. MCI_DumpCommandTable() is called inside a for loop and its argument range is [0..MAX_MCICMDTABLE). Thus, it never exceeds MAX_MCICMDTABLE. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
participants (1)
-
WineHQ Bugzilla