[Bug 45105] New: heap-buffer overflow in gdi32
https://bugs.winehq.org/show_bug.cgi?id=45105

Bug ID: 45105
Summary: heap-buffer overflow in gdi32
Product: Wine
Version: 3.7
Hardware: x86
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: gdi32
Assignee: wine-bugs(a)winehq.org
Reporter: robert.gawlik(a)rub.de
Distribution: ---

Created attachment 61284
  --> https://bugs.winehq.org/attachment.cgi?id=61284
affected source code

Original submitted report can be found here:
https://bugs.launchpad.net/ubuntu/+source/wine/+bug/1764719

The attachment also contains more details.
If more info is needed, please let me know!

--
Do not reply to this email, post in Bugzilla using the above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=45105

Jens Reyer <jre.winesim(a)gmail.com> changed:

What    |Removed    |Added
----------------------------------------------------------------------------
CC      |           |jre.winesim(a)gmail.com

https://bugs.winehq.org/show_bug.cgi?id=45105

tokktokk <fdsfgs(a)krutt.org> changed:

What    |Removed    |Added
----------------------------------------------------------------------------
CC      |           |fdsfgs(a)krutt.org

https://bugs.winehq.org/show_bug.cgi?id=45105

Vincent Povirk <madewokherd(a)gmail.com> changed:

What    |Removed    |Added
----------------------------------------------------------------------------
CC      |           |madewokherd(a)gmail.com

--- Comment #1 from Vincent Povirk <madewokherd(a)gmail.com> ---
Lack of bounds checking is a more general problem in PlayEnhMetaFileRecord. We
don't check that the record itself is large enough for all its fields, or that
other variable-length fields fit.

I think it might be better to do the bounds checking in EnumEnhMetaFile. It's
unreasonable to expect individual applications to do exhaustive bounds checking
in their own enum callbacks.

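The record-level checks comment #1 calls for, sketched as an added example (not Wine's code and not the committed fix): each record's nSize is validated against the remaining data, and the EMR_POLYLINE point array against its record, before any callback would run. The function names and the constructed sample record are hypothetical, and a little-endian host is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example; names are hypothetical, not Wine's. Assumes a little-endian
 * host, matching the byte order of EMF data. */
enum { EMF_OK, EMF_SHORT_HEADER, EMF_BAD_SIZE, EMF_RECORD_OVERRUN, EMF_FIELD_OVERRUN };
#define EMR_POLYLINE_TYPE 4u /* EMR(8) + RECTL(16) + cptl(4) + POINTL[cptl] */

static uint32_t rd32(const unsigned char *p) { uint32_t v; memcpy(&v, p, 4); return v; }

/* Does an array of count elements of elem bytes at offset off fit in rec_size
 * bytes? Dividing avoids the 32-bit wrap that off + count * elem could hit. */
static int field_fits(uint32_t rec_size, uint32_t off, uint32_t count, uint32_t elem)
{
    return off <= rec_size && count <= (rec_size - off) / elem;
}

/* Validate every record up front, the way an enumerator could before calling
 * back. On failure *bad receives the offset of the offending record. */
static int emf_check(const unsigned char *buf, size_t len, size_t *bad)
{
    size_t off = 0;
    while (off < len) {
        *bad = off;
        if (len - off < 8) return EMF_SHORT_HEADER;        /* iType + nSize */
        uint32_t type = rd32(buf + off), size = rd32(buf + off + 4);
        if (size < 8 || (size & 3)) return EMF_BAD_SIZE;   /* nSize is a multiple of 4 */
        if (size > len - off) return EMF_RECORD_OVERRUN;   /* record runs past the data */
        if (type == EMR_POLYLINE_TYPE &&
            (size < 28 || !field_fits(size, 28, rd32(buf + off + 24), 8)))
            return EMF_FIELD_OVERRUN;                      /* fixed part or points do not fit */
        off += size;
    }
    return EMF_OK;
}

/* Constructed sample: one EMR_POLYLINE record claiming cptl points in nSize bytes. */
static int check_polyline(uint32_t nSize, uint32_t cptl, size_t buf_len)
{
    unsigned char buf[64] = {0};
    uint32_t type = EMR_POLYLINE_TYPE;
    size_t bad;
    memcpy(buf, &type, 4); memcpy(buf + 4, &nSize, 4); memcpy(buf + 24, &cptl, 4);
    return emf_check(buf, buf_len, &bad);
}

int main(void)
{
    printf("%d %d %d\n", check_polyline(44, 2, 44), check_polyline(44, 3, 44),
           check_polyline(44, 2, 40));
    return 0;
}
```
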
https://bugs.winehq.org/show_bug.cgi?id=45105

Marcus Meissner <marcus(a)jet.franken.de> changed:

What    |Removed    |Added
----------------------------------------------------------------------------
CC      |           |marcus(a)jet.franken.de

https://bugs.winehq.org/show_bug.cgi?id=45105

Marcus Meissner <marcus(a)jet.franken.de> changed:

What    |Removed                        |Added
----------------------------------------------------------------------------
Summary |heap-buffer overflow in gdi32  |heap-buffer overflow in gdi32 (CVE-2018-12932)

--- Comment #2 from Marcus Meissner <marcus(a)jet.franken.de> ---
Vincent committed at least these two patches:

https://source.winehq.org/git/wine.git/commit/b6da3547d8990c3c3affc3a5865aef...
https://source.winehq.org/git/wine.git/commit/8d2676fd14f130f9e8f06744743423...

https://bugs.winehq.org/show_bug.cgi?id=45105

Esme Povirk <madewokherd(a)gmail.com> changed:

What          |Removed      |Added
----------------------------------------------------------------------------
Status        |UNCONFIRMED  |RESOLVED
Fixed by SHA1 |             |1f04c5c7dec21efd8771e1f4c32e24a18ce9847c
Resolution    |---          |FIXED

--- Comment #3 from Esme Povirk <madewokherd(a)gmail.com> ---
Tested all sample files from the launchpad bug and got no crashes (previously,
some of them logged access violations in unixlib code), so I think this is
fixed.

https://bugs.winehq.org/show_bug.cgi?id=45105

Alexandre Julliard <julliard(a)winehq.org> changed:

What    |Removed   |Added
----------------------------------------------------------------------------
Status  |RESOLVED  |CLOSED

--- Comment #4 from Alexandre Julliard <julliard(a)winehq.org> ---
Closing bugs fixed in 9.16.