[PATCH 0/1] MR7134: kernel32/tests: Avoid stack-buffer-overflow in get_com_dir_size. (ASan)
Function gets called with Magic == 0xdead, which causes the test to use the 64-bit path, which results in this buffer overflow.

Signed-off-by: Nikolay Sivov <nsivov(a)codeweavers.com>

--
https://gitlab.winehq.org/wine/wine/-/merge_requests/7134
From: Bernhard Übelacker <bernhardu(a)mailbox.org> Function gets called with Magic == 0xdead, which causes the test to use the 64-bit path, which results in this buffer overflow. Signed-off-by: Nikolay Sivov <nsivov(a)codeweavers.com> --- dlls/kernel32/tests/loader.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/dlls/kernel32/tests/loader.c b/dlls/kernel32/tests/loader.c index 9b0f8f6bff2..0871ae3b57f 100644 --- a/dlls/kernel32/tests/loader.c +++ b/dlls/kernel32/tests/loader.c @@ -584,8 +584,10 @@ static UINT get_com_dir_size( const IMAGE_NT_HEADERS *nt ) { if (nt->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) return ((const IMAGE_NT_HEADERS32 *)nt)->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].Size; - else + else if (nt->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC) return ((const IMAGE_NT_HEADERS64 *)nt)->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].Size; + else + return 0; } /* helper to test image section mapping */ -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/7134
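Review bot: The new final branch in get_com_dir_size (`else return 0;`) makes an unrecognized OptionalHeader.Magic indistinguishable from an image whose COM descriptor directory really has Size 0, and nothing in the function says that an invalid Magic is expected here. A one-line comment on that branch, noting that the tests deliberately pass headers with a bogus Magic such as 0xdead and that 0 is the intended result, would keep a later reader from "simplifying" it back to a bare else and reintroducing the out-of-bounds read through the IMAGE_NT_HEADERS64 cast. As a style point, since both earlier branches return, the two `else` keywords are redundant and the function could end with a plain `return 0;`.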