http://bugs.winehq.org/show_bug.cgi?id=21355 Summary: Need heap overrun detection Product: Wine Version: 1.1.36 Platform: x86 OS/Version: Linux Status: NEW Keywords: patch Severity: normal Priority: P2 Component: ntdll AssignedTo: wine-bugs(a)winehq.org ReportedBy: dank(a)kegel.com Microsoft Windows XP obeys a number of flags that turn on additional heap sanity checks which detect write-past-end and write-after-free of heap allocations. Wine should implement similar overrun detection; apps that overrun their heap buffers should either get an error from the heap call, or optionally be terminated aggressively, if we're feeling really strict (I think Windows 7 does this). Furthermore, Wine's heap code should contain Valgrind annotations to let Valgrind produce good error messages even on read-after-free or read overrun errors. Patches to implement most of this are in use today in the wine valgrind bot at http://kegel.com/wine/valgrind/logs and in the chromium continuous build and test bot. Here are the latest version of these patches: (basic check-whether-unused-bytes-were-modified) http://www.winehq.org/pipermail/wine-patches/2010-January/083609.html http://www.winehq.org/pipermail/wine-patches/2010-January/083610.html http://www.winehq.org/pipermail/wine-patches/2010-January/083611.html (add 8 byte redzone to each allocation; can be increased, as sometimes 32 byte redzones catch more bugs.) http://www.winehq.org/pipermail/wine-patches/2009-November/081804.html (use-after-free check) http://www.winehq.org/pipermail/wine-patches/2009-November/081855.html I've been trying to get these committed, but so far without much luck. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.