[PATCH v3 0/1] MR7925: gdi32: Limit source string length in logfont_AtoW (ASan). - Wine-gitlab - list.winehq.org

newer
[PATCH v27 0/1] MR7843: cmd:...

[PATCH v3 0/1] MR7925: gdi32: Limit source string length in logfont_AtoW (ASan).

older
[PATCH v2 0/1] MR7925: gdi32:...

Alex Henrie (＠alexhenrie)

29 Apr 2025 29 Apr '25

11:42 p.m.

test_logfont in dlls/gdi32/tests/font.c calls CreateFontIndirectA with a non-null-terminated font name and expects it to not crash. -- v3: gdi32: Limit source string length in logfont_AtoW (ASan). https://gitlab.winehq.org/wine/wine/-/merge_requests/7925

Reply

Sign in to reply online Use email software

Show replies by date

Alex Henrie

29 Apr 29 Apr

11:42 p.m.

New subject: [PATCH v3 1/1] gdi32: Limit source string length in logfont_AtoW (ASan).

From: Alex Henrie <alexhenrie24(a)gmail.com> test_logfont in dlls/gdi32/tests/font.c calls CreateFontIndirectA with a non-null-terminated font name and expects it to not crash. --- dlls/gdi32/text.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/dlls/gdi32/text.c b/dlls/gdi32/text.c index 6be622a2312..070714a30c6 100644 --- a/dlls/gdi32/text.c +++ b/dlls/gdi32/text.c @@ -781,8 +781,9 @@ static void text_metric_ex_WtoA(const NEWTEXTMETRICEXW *tmW, NEWTEXTMETRICEXA *t static void logfont_AtoW( const LOGFONTA *fontA, LPLOGFONTW fontW ) { memcpy( fontW, fontA, sizeof(LOGFONTA) - LF_FACESIZE ); - MultiByteToWideChar( CP_ACP, 0, fontA->lfFaceName, -1, fontW->lfFaceName, - LF_FACESIZE ); + MultiByteToWideChar( CP_ACP, 0, fontA->lfFaceName, + strnlen(fontA->lfFaceName, LF_FACESIZE - 1), + fontW->lfFaceName, LF_FACESIZE - 1 ); fontW->lfFaceName[LF_FACESIZE - 1] = 0; } -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/7925

Reply

Sign in to reply online Use email software

229

Age (days ago)

229

Last active (days ago)

Download

1 comments

2 participants

tags

participants (2)

Alex Henrie
Alex Henrie (＠alexhenrie)