https://bugs.winehq.org/show_bug.cgi?id=45254 Bug ID: 45254 Summary: Buffer overflow, X file children MAX_CHILDREN limit too small, crashes BIONICLE: The Legend of Mata Nui Product: Wine Version: unspecified Hardware: x86 OS: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: directx-d3dxof Assignee: wine-bugs(a)winehq.org Reporter: legojrmastermodelbuilder(a)gmail.com Distribution: --- In dlls/d3dxof/d3dxof_private.h MAX_CHILDREN is defined as 200, which is too small a buffer for some existing DirectX model .X files: https://github.com/wine-mirror/wine/blob/4102d8a0dc1b02d37d834f17d1925f3b0de... In dlls/d3dxof/parsing.c there is actually a warning if that number is exceeded, but the bounds checking happens after the buffer would be overflown, so it may read the wrong value or simply crash instead: https://github.com/wine-mirror/wine/blob/99a5afc09b1e8928a2b3270ce67784083d2... Native Windows does not appear to impose a hard limit, or if there is one it is larger than 0xFFFF (the highest size I tested). This limitation impacts at least one Windows application, namely the game BIONICLE: The Legend of Mata Nui. This would impact Wine on all platforms. GitHub issue for reference: https://github.com/TheLegendOfMataNui/game-issues/issues/110 -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.