Module: wine Branch: oldstable Commit: 4a4acbe9777ed3c6d045f771000a7d73f0233488 URL: https://source.winehq.org/git/wine.git/?a=commit;h=4a4acbe9777ed3c6d045f7710... Author: Alexandre Julliard <julliard(a)winehq.org> Date: Tue Jun 9 18:34:00 2020 +0200 ntdll: Avoid overflowing the command line buffer. Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=49314 Signed-off-by: Alexandre Julliard <julliard(a)winehq.org> (cherry picked from commit a240abf12b615a50105e4567951df7c1e01d5a03) Conflicts: dlls/ntdll/env.c Signed-off-by: Michael Stefaniuc <mstefani(a)winehq.org> --- dlls/ntdll/env.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/dlls/ntdll/env.c b/dlls/ntdll/env.c index d7010cf8b7f..ae82f702763 100644 --- a/dlls/ntdll/env.c +++ b/dlls/ntdll/env.c @@ -800,8 +800,7 @@ static void build_command_line( WCHAR **argv, UNICODE_STRING *cmdline ) len = 1; for (arg = argv; *arg; arg++) len += 3 + 2 * strlenW( *arg ); - cmdline->MaximumLength = len * sizeof(WCHAR); - if (!(cmdline->Buffer = RtlAllocateHeap( GetProcessHeap(), 0, cmdline->MaximumLength ))) return; + if (!(cmdline->Buffer = RtlAllocateHeap( GetProcessHeap(), 0, len * sizeof(WCHAR) ))) return; p = cmdline->Buffer; for (arg = argv; *arg; arg++) @@ -847,7 +846,13 @@ static void build_command_line( WCHAR **argv, UNICODE_STRING *cmdline ) } if (p > cmdline->Buffer) p--; /* remove last space */ *p = 0; + if (p - cmdline->Buffer >= 32767) + { + ERR( "command line too long (%u)\n", (DWORD)(p - cmdline->Buffer) ); + NtTerminateProcess( GetCurrentProcess(), 1 ); + } cmdline->Length = (p - cmdline->Buffer) * sizeof(WCHAR); + cmdline->MaximumLength = cmdline->Length + sizeof(WCHAR); }