[PATCH v2 0/1] MR7925: gdi32: Limit source string length in logfont_AtoW (ASan). - Wine-gitlab - list.winehq.org

newer
[PATCH v3 0/1] MR7925: gdi32:...

[PATCH v2 0/1] MR7925: gdi32: Limit source string length in logfont_AtoW (ASan).

older
[PATCH 0/1] MR4635: ntdll: Avoid...

Alex Henrie (＠alexhenrie)

28 Apr 2025 28 Apr '25

3:27 a.m.

test_logfont in dlls/gdi32/tests/font.c calls CreateFontIndirectA with a non-null-terminated font name and expects it to not crash. -- v2: gdi32: Limit source string length in logfont_AtoW (ASan). https://gitlab.winehq.org/wine/wine/-/merge_requests/7925

Reply

Sign in to reply online Use email software

Show replies by date

Alex Henrie

28 Apr 28 Apr

3:27 a.m.

New subject: [PATCH v2 1/1] gdi32: Limit source string length in logfont_AtoW (ASan).

From: Alex Henrie <alexhenrie24(a)gmail.com> test_logfont in dlls/gdi32/tests/font.c calls CreateFontIndirectA with a non-null-terminated font name and expects it to not crash. --- dlls/gdi32/text.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dlls/gdi32/text.c b/dlls/gdi32/text.c index 6be622a2312..d5ada5d9200 100644 --- a/dlls/gdi32/text.c +++ b/dlls/gdi32/text.c @@ -781,8 +781,8 @@ static void text_metric_ex_WtoA(const NEWTEXTMETRICEXW *tmW, NEWTEXTMETRICEXA *t static void logfont_AtoW( const LOGFONTA *fontA, LPLOGFONTW fontW ) { memcpy( fontW, fontA, sizeof(LOGFONTA) - LF_FACESIZE ); - MultiByteToWideChar( CP_ACP, 0, fontA->lfFaceName, -1, fontW->lfFaceName, - LF_FACESIZE ); + MultiByteToWideChar( CP_ACP, 0, fontA->lfFaceName, LF_FACESIZE - 1, + fontW->lfFaceName, LF_FACESIZE - 1 ); fontW->lfFaceName[LF_FACESIZE - 1] = 0; } -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/7925

Reply

Sign in to reply online Use email software

Alexandre Julliard (＠julliard)

29 Apr 29 Apr

8:40 p.m.

Alexandre Julliard (@julliard) commented about dlls/gdi32/text.c:

static void logfont_AtoW( const LOGFONTA *fontA, LPLOGFONTW fontW ) { memcpy( fontW, fontA, sizeof(LOGFONTA) - LF_FACESIZE ); - MultiByteToWideChar( CP_ACP, 0, fontA->lfFaceName, -1, fontW->lfFaceName, - LF_FACESIZE ); + MultiByteToWideChar( CP_ACP, 0, fontA->lfFaceName, LF_FACESIZE - 1, + fontW->lfFaceName, LF_FACESIZE - 1 ); This would convert potentially uninitialized data.

-- https://gitlab.winehq.org/wine/wine/-/merge_requests/7925#note_102172

Reply

Sign in to reply online Use email software

Alex Henrie (＠alexhenrie)

30 Apr 30 Apr

4:41 a.m.

On Wed Apr 30 04:43:09 2025 +0000, Alexandre Julliard wrote:

This would convert potentially uninitialized data. We'd better use strnlen then.

-- https://gitlab.winehq.org/wine/wine/-/merge_requests/7925#note_102202

Reply

Sign in to reply online Use email software

228

Age (days ago)

230

Last active (days ago)

Download

3 comments

3 participants

tags

participants (3)

Alex Henrie
Alex Henrie (＠alexhenrie)
Alexandre Julliard (＠julliard)