[Bug 20757] New: Buffer overrun in NetQueryDisplayInformation
http://bugs.winehq.org/show_bug.cgi?id=20757 Summary: Buffer overrun in NetQueryDisplayInformation Product: Wine Version: 1.1.33 Platform: PC OS/Version: Linux Status: NEW Keywords: source, testcase Severity: normal Priority: P2 Component: -unknown AssignedTo: wine-bugs(a)winehq.org ReportedBy: dank(a)kegel.com http://kegel.com/wine/valgrind/logs/2009-11-18-21.51/vg-netapi32_access.txt shows the error message Invalid write of size 2 at strcpyW (unicode.h:224) by lstrcpyW (string.c:104) by ACCESS_CopyDisplayUser (access.c:575) by NetQueryDisplayInformation (access.c:688) by run_querydisplayinformation1_tests (access.c:184) by func_access (access.c:344) Address 0x7f000bea is 0 bytes after a block of size 130 alloc'd at notify_alloc (heap.c:279) by RtlAllocateHeap (heap.c:1521) by NetApiBufferAllocate (apibuf.c:41) by NetQueryDisplayInformation (access.c:657) by run_querydisplayinformation1_tests (access.c:184) by func_access (access.c:344) This can be reproduced locally by setting up valgrind as described in http://wiki.winehq.org/Valgrind and applying the heap tail check patch to wine, then running WINETEST_PLATFORM=wine WINE_HEAP_REDZONE=16 valgrind --trace-children=yes --track-origins=yes wine netapi32_test.exe.so access -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=20757 Bruno Jesus <00cpxxx(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |00cpxxx(a)gmail.com --- Comment #1 from Bruno Jesus <00cpxxx(a)gmail.com> 2012-05-10 19:05:50 CDT --- Dan, I have tried this command inside the dlls/netapi32/tests: WINETEST_PLATFORM=wine WINE_HEAP_REDZONE=16 valgrind --trace-children=yes --track-origins=yes --leak-check=full wine netapi32_test.exe.so access Here are my results: ==31279== LEAK SUMMARY: ==31279== definitely lost: 0 bytes in 0 blocks ==31279== indirectly lost: 120 bytes in 10 blocks ==31279== possibly lost: 20 bytes in 1 blocks ==31279== still reachable: 22,495 bytes in 53 blocks ==31279== suppressed: 6,522 bytes in 43 blocks Is this the right way to do it? Is it fixed since your original message didn't appear? If that is not the right way to test please tell how to do it properly. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=20757 Austin English <austinenglish(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |WORKSFORME --- Comment #2 from Austin English <austinenglish(a)gmail.com> --- I only get: ==5513== 22 bytes in 1 blocks are possibly lost in loss record 26 of 92 ==5513== at 0x7BC4C735: notify_alloc (heap.c:255) ==5513== by 0x7BC50F79: RtlAllocateHeap (heap.c:1716) ==5513== by 0x4EA7675: ??? ==5513== by 0x4EAC762: ??? ==5513== by 0x4965F8A: run_localgroupgetinfo_tests (access.c:345) ==5513== by 0x49661F8: func_access (access.c:381) ==5513== by 0x49688C0: run_test (test.h:584) ==5513== by 0x4968CAF: main (test.h:654) ==5513== in wine-1.7.17-92-ge2bf516. Marking WORKSFORME. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=20757 Austin English <austinenglish(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #3 from Austin English <austinenglish(a)gmail.com> --- Closing. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
participants (1)
-
wine-bugs@winehq.org