https://bugs.winehq.org/show_bug.cgi?id=37129

Bug ID: 37129
Summary: Clang Static Analyzer: Buffer overflow
Product: Wine
Version: 1.7.22
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs(a)winehq.org
Reporter: lukebenes(a)hotmail.com

Clang Static Analyzer identifies a possible buffer overflow.

File: tools/widl/typegen.c
Location: line 1158, column 28
Description: String copy function overflows destination buffer

    static unsigned int write_new_procformatstring_type(...)
    {
        char buffer[64];
        ...
        strcpy( buffer, "/* flags:" );
        if (flags & MustSize) strcat( buffer, " must size," );
        if (flags & MustFree) strcat( buffer, " must free," );
        if (flags & IsPipe) strcat( buffer, " pipe," );
        if (flags & IsIn) strcat( buffer, " in," );
        if (flags & IsOut) strcat( buffer, " out," );
        if (flags & IsReturn) strcat( buffer, " return," );
        if (flags & IsBasetype) strcat( buffer, " base type," );
        if (flags & IsByValue) strcat( buffer, " by value," );
        if (flags & IsSimpleRef) strcat( buffer, " simple ref," );
        ...
    }

Even if not all the conditions are true, you still risk getting a string too long to fit in the buffer.
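As an added example (not code from the bug report or from Wine itself): a bounded rewrite of the strcpy/strcat chain that keeps track of the untruncated length, plus a helper that appends every fragment at once to show why the analyzer flags a 64-byte buffer. The flag bit values are assumptions, since the report does not show widl's own definitions.

```c
#include <string.h>

/* Constructed flag bits for this example: the report does not show widl's own
 * definitions, so only the names match, the values are assumptions. */
enum { MustSize = 1u << 0, MustFree = 1u << 1, IsPipe = 1u << 2, IsIn = 1u << 3,
       IsOut = 1u << 4, IsReturn = 1u << 5, IsBasetype = 1u << 6,
       IsByValue = 1u << 7, IsSimpleRef = 1u << 8 };

/* The fragments, in the order the report's strcat chain appends them. */
static const struct { unsigned int bit; const char *text; } flag_text[] = {
    { MustSize, " must size," }, { MustFree, " must free," }, { IsPipe, " pipe," },
    { IsIn, " in," }, { IsOut, " out," }, { IsReturn, " return," },
    { IsBasetype, " base type," }, { IsByValue, " by value," },
    { IsSimpleRef, " simple ref," },
};

/* Append s to buf without writing past size bytes. *len tracks the length the
 * untruncated string would have, so the caller can detect truncation. */
static void append_bounded(char *buf, size_t size, size_t *len, const char *s)
{
    size_t n = strlen(s);
    if (*len < size) {                    /* still room for at least the NUL */
        size_t room = size - *len - 1;
        size_t copy = n < room ? n : room;
        memcpy(buf + *len, s, copy);
        buf[*len + copy] = '\0';
    }
    *len += n;
}

/* Bounded replacement for the strcpy/strcat chain. Returns the untruncated
 * length (without NUL); a result >= size means the buffer was too small. */
size_t format_flags(char *buf, size_t size, unsigned int flags)
{
    size_t len = 0;
    if (size) buf[0] = '\0';
    append_bounded(buf, size, &len, "/* flags:");
    for (size_t i = 0; i < sizeof flag_text / sizeof flag_text[0]; i++)
        if (flags & flag_text[i].bit) append_bounded(buf, size, &len, flag_text[i].text);
    return len;
}

/* The case the analyzer reports: every fragment appended, as if all bits were set. */
size_t worst_case_len(void) { char s[256]; return format_flags(s, sizeof s, ~0u); }

/* Length actually stored with the report's char buffer[64]: never more than 63. */
size_t stored_len_64(unsigned int flags) { char b[64]; format_flags(b, sizeof b, flags); return strlen(b); }
```

With every flag set the comment needs 87 bytes plus the terminator, so `char buffer[64]` is too small in that worst case; whether those flag combinations can actually occur together is what decides if the warning is reachable.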