[PATCH 0/1] MR2947: krnl386.exe16: Don't overflow when calculating size
The application again the bug, passed 1 as the elem parameter which doubled the memory being allocated. When it overflowed (became negative), the value was passed into GlobalAlloc16 which then failed.

GlobalAlloc16 takes a DWORD parameter, so the value isn't going to be truncated.

Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=53092
Original patch by github user cracyc for winevdm.

--
https://gitlab.winehq.org/wine/wine/-/merge_requests/2947
From: Alistair Leslie-Hughes <leslie_alistair(a)hotmail.com> The application again the bug, passed 1 as the elem parameter which doubled the memory being allocated. When it overflowed (became negative), the value was passed into GlobalAlloc16 which then failed. GlobalAlloc16 takes a DWORD parameter, so the value isn't going to be truncated. Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=53092 Original patch by github user cracyc for winevdm. --- dlls/krnl386.exe16/ne_segment.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dlls/krnl386.exe16/ne_segment.c b/dlls/krnl386.exe16/ne_segment.c index 3eb8bae2ff3..e455b118e23 100644 --- a/dlls/krnl386.exe16/ne_segment.c +++ b/dlls/krnl386.exe16/ne_segment.c @@ -945,7 +945,7 @@ static WORD NE_Ne2MemFlags(WORD flags) */ DWORD WINAPI MyAlloc16( WORD wFlags, WORD wSize, WORD wElem ) { - WORD size = wSize << wElem; + DWORD size = wSize << wElem; HANDLE16 hMem = 0; if (wSize || (wFlags & NE_SEGFLAGS_MOVEABLE)) -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/2947
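Review bot: in MyAlloc16, the new line `DWORD size = wSize << wElem;` still evaluates the shift on wSize after integer promotion to a signed int, and only the result is converted to DWORD. With wElem of 16 or more the shift can overflow that signed int, at 32 or more it is undefined, and nothing in the visible lines bounds wElem. Consider widening before the shift, `DWORD size = (DWORD)wSize << wElem;`, and rejecting a wElem large enough to shift bits out of the DWORD before the value reaches GlobalAlloc16. Separately, the commit message says the old value "became negative", but the removed declaration is `WORD size`, which is unsigned and would have been truncated to 16 bits instead; the message is worth rewording so it matches the code.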