[PATCH 0/1] MR8312: rpcrt4/tests: Fix out-of-bound write in test_pointer_marshal.
In case of FC_POINTER_DEREF, we write a pointer into mem, so we need to allocate at least sizeof(pointer). -- https://gitlab.winehq.org/wine/wine/-/merge_requests/8312
From: Yuxuan Shui <yshui(a)codeweavers.com> In case of FC_POINTER_DEREF, we write a pointer into mem, so we need to allocate at least sizeof(pointer). --- dlls/rpcrt4/tests/ndr_marshall.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dlls/rpcrt4/tests/ndr_marshall.c b/dlls/rpcrt4/tests/ndr_marshall.c index b30750fca4c..8b0e1c270a7 100644 --- a/dlls/rpcrt4/tests/ndr_marshall.c +++ b/dlls/rpcrt4/tests/ndr_marshall.c @@ -256,7 +256,7 @@ static void test_pointer_marshal(const unsigned char *formattypes, ok(size == srcsize + (srcsize == 8 ? 8 : sizeof(void *)), "%s: mem size %lu\n", msgpfx, size); size = srcsize; - if (formattypes[1] & FC_POINTER_DEREF) size += 4; + if (formattypes[1] & FC_POINTER_DEREF) size += sizeof(void *); StubMsg.Buffer = StubMsg.BufferStart; StubMsg.MemorySize = 0; -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/8312
This merge request was approved by Huw Davies. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/8312
participants (3)
-
Huw Davies (@huw) -
Yuxuan Shui
-
Yuxuan Shui (@yshui)