[Bug 58340] New: dbghelp: symt_add_func_line, possible use after free.
http://bugs.winehq.org/show_bug.cgi?id=58340

Bug ID: 58340
Summary: dbghelp: symt_add_func_line, possible use after free.
Product: Wine
Version: unspecified
Hardware: x86-64
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: dbghelp
Assignee: wine-bugs(a)winehq.org
Reporter: bernhardu(a)mailbox.org
Distribution: ---

ASan reports function `symt_add_func_line`.
There in line 446 memory gets accessed via the pointer `prev` which got freed in `vector_add` by a HeapReAlloc.

An example ASan output is available here:
https://gitlab.winehq.org/bernhardu/wine/-/blob/asan-pe_2025-05-06_wine-10.8...

This shows up only with ASAN_OPTION windows_hook_rtl_allocators=1.

A possible solution might be simply to repeat the assignment of `prev` from line 429 after the `vector_add` in line 438?

--
Do not reply to this email, post in Bugzilla using the above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

http://bugs.winehq.org/show_bug.cgi?id=58340

Eric Pouech <eric.pouech(a)gmail.com> changed:

What | Removed | Added
----------------------------------------------------------------------------
CC   |         | eric.pouech(a)gmail.com

--- Comment #1 from Eric Pouech <eric.pouech(a)gmail.com> ---
thanks for catching this one

I'd prefer moving
    /* clear previous last */
    if (prev) prev->is_last = 0;
just before
    if (!last_matches)
(so that we have first half dealing with existing entries, and second half dealing with new entries)

(for the record, regression introduced by 5c54087c4748324b1726fb8545dd90b3d80bc698)
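
The ordering problem discussed in this thread, as an added example that is not Wine's dbghelp code: a simplified growable vector whose growth always moves its storage, with the stale-`prev` ordering beside the ordering proposed in comment #1. The names `struct vec`, `vec_add`, `add_line_uaf`, `add_line_fixed` and `count_last` are hypothetical, and malloc/copy/free stands in for a HeapReAlloc that relocates the block.

```c
#include <stdlib.h>
#include <string.h>
/* Simplified model with hypothetical names; not Wine's dbghelp code. */
struct line { int is_source_file, is_last, value; };
struct vec  { struct line *items; size_t len, cap; };

/* Append one zeroed entry. Growth always moves the storage (assumption made
 * to keep the effect deterministic), so older element pointers dangle. */
static struct line *vec_add(struct vec *v)
{
    if (v->len == v->cap) {
        size_t cap = v->cap ? v->cap * 2 : 1;
        struct line *n = malloc(cap * sizeof *n);
        if (!n) abort();
        if (v->len) memcpy(n, v->items, v->len * sizeof *n);
        free(v->items);
        v->items = n; v->cap = cap;
    }
    memset(&v->items[v->len], 0, sizeof *v->items);
    return &v->items[v->len++];
}

/* Reported ordering: prev is written after vec_add may have freed it. */
void add_line_uaf(struct vec *v, int new_file, int value)
{
    struct line *prev = v->len ? &v->items[v->len - 1] : NULL;
    if (new_file) vec_add(v)->is_source_file = 1;
    if (prev) prev->is_last = 0;   /* use after free once storage moved */
    struct line *l = vec_add(v);
    l->is_last = 1; l->value = value;
}

/* Ordering from comment #1: finish with existing entries, then add new. */
void add_line_fixed(struct vec *v, int new_file, int value)
{
    struct line *prev = v->len ? &v->items[v->len - 1] : NULL;
    if (prev) prev->is_last = 0;   /* prev still points into live storage */
    if (new_file) vec_add(v)->is_source_file = 1;
    struct line *l = vec_add(v);
    l->is_last = 1; l->value = value;
}

/* Entries flagged is_last; exactly 1 is expected for a non-empty vector. */
int count_last(const struct vec *v)
{
    int n = 0;
    for (size_t i = 0; i < v->len; i++) n += v->items[i].is_last;
    return n;
}
```

Built with `-fsanitize=address`, repeated calls to `add_line_uaf` are reported as a heap-use-after-free at the `prev->is_last` write, while `add_line_fixed` keeps exactly one entry flagged as last.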

http://bugs.winehq.org/show_bug.cgi?id=58340

--- Comment #2 from Bernhard Übelacker <bernhardu(a)mailbox.org> ---
Thanks for the guidance, I submitted a merge request:
https://gitlab.winehq.org/wine/wine/-/merge_requests/8241

http://bugs.winehq.org/show_bug.cgi?id=58340

Bernhard Übelacker <bernhardu(a)mailbox.org> changed:

What            | Removed     | Added
----------------------------------------------------------------------------
Version         | unspecified | 10.4
Resolution      | ---         | FIXED
Fixed by SHA1   |             | 8f3bcabbc6af0645ec46d1e18cecca5dc832ebe6
Status          | NEW         | RESOLVED
Distribution    | ---         | Debian
Regression SHA1 |             | 5c54087c4748324b1726fb8545dd90b3d80bc698

--- Comment #3 from Bernhard Übelacker <bernhardu(a)mailbox.org> ---
Merge request got committed, resolving fixed.

http://bugs.winehq.org/show_bug.cgi?id=58340

Alexandre Julliard <julliard(a)winehq.org> changed:

What   | Removed  | Added
----------------------------------------------------------------------------
Status | RESOLVED | CLOSED

--- Comment #4 from Alexandre Julliard <julliard(a)winehq.org> ---
Closing bugs fixed in 10.10.