http://bugs.winehq.org/show_bug.cgi?id=20884 Summary: Write buffer overrun in LsaLookupNames2? Product: Wine Version: 1.1.33 Platform: PC OS/Version: Linux Status: NEW Keywords: download, source, testcase Severity: normal Priority: P2 Component: advapi32 AssignedTo: wine-bugs(a)winehq.org ReportedBy: dank(a)kegel.com First posted in http://www.winehq.org/pipermail/wine-devel/2009-November/079920.html I don't think anyone's posted a fix... Still present today, see http://kegel.com/wine/valgrind/logs/2009-11-27-12.53/vg-advapi32_lsa.txt Invalid write of size 1 at memmove (mc_replace_strmem.c:613) by RtlCopySid (sec.c:376) by CopySid (security.c:905) by lookup_local_wellknown_name (security.c:2800) by lookup_name (lsa.c:308) by LsaLookupNames2 (lsa.c:411) by test_LsaLookupNames2 (lsa.c:336) by func_lsa (lsa.c:362) Address 0x7f03c550 is 6 bytes after a block of size 26 alloc'd at notify_alloc (heap.c:279) by RtlAllocateHeap (heap.c:1521) by LsaLookupNames2 (lsa.c:402) by test_LsaLookupNames2 (lsa.c:336) by func_lsa (lsa.c:362) Looks like LsaLookupNames2() is at fault, the allocation at line 402 should be the size promised at line 411? -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.