https://bugs.winehq.org/show_bug.cgi?id=37953
Bug ID: 37953
Summary: stack overwrite in msvcrt functions
Product: Wine
Version: 1.7.34
Hardware: x86
OS: Linux
Status: UNCONFIRMED
Severity: major
Priority: P2
Component: msvcrt
Assignee: wine-bugs@winehq.org
Reporter: orion@cora.nwra.com
Distribution: ---

Created attachment 50562 --> https://bugs.winehq.org/attachment.cgi?id=50562
buffer length patch
On Fedora, which is compiled with -fstack-protector-strong, I was seeing:

trace:msvcrt:pf_printf_w Format is: L"\3577\6000\357e\6000\12d0\7704\eac4i\b53ci"
trace:msvcrt:_lock (29)
*** stack smashing detected ***: /export/home/orion/.wine/drive_c/Program Files/Adobe/Reader 10.0/Reader/AcroRd32.exe terminated
======= Backtrace: =========
/lib/libc.so.6(+0x4fd49ad9)[0xf73fdad9]
/lib/libc.so.6(__fortify_fail+0x37)[0xf749c3d7]
/lib/libc.so.6(+0x4fde839a)[0xf749c39a]
/lib/wine/msvcr90.dll.so(+0x893f4)[0xf6e423f4]
/lib/wine/msvcr90.dll.so(+0x453a5)[0xf6dfe3a5]
/lib/wine/msvcr90.dll.so(+0x4547f)[0xf6dfe47f]
/lib/wine/msvcr90.dll.so(+0x81e69)[0xf6e3ae69]
/lib/wine/msvcr90.dll.so(MSVCRT_vfwprintf_s+0x7e)[0xf6e00fae]
/lib/wine/msvcr90.dll.so(MSVCRT_vwprintf_s+0x35)[0xf6e01205]
/lib/wine/msvcr90.dll.so(MSVCRT_wprintf_s+0x28)[0xf6e01828]
The attached patch fixes this by synchronizing the expected buffer length for MSVCRT__wctomb().
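As an added illustration of the bug class (this is not Wine's code and not the attached patch): a wctomb-style conversion written so the length the callee is about to write is checked against the buffer size the caller actually passed, which is the agreement the patch restores. UTF-8 is assumed as the multibyte encoding and all names (wc_to_mb_bounded, wcs_to_mbs_bounded, MB_MAX) are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define MB_MAX 4   /* longest UTF-8 sequence: the callee's "expected" buffer length */
/* Hypothetical wctomb-style routine (not Wine's): encode `cp` as UTF-8 into `dst`.
 * The bytes are built in a local buffer that is always large enough, and the
 * length is checked against `dst_size`, the size the caller really supplied,
 * rather than assumed to be MB_MAX. Returns bytes written, or -1 on error. */
int wc_to_mb_bounded(char *dst, size_t dst_size, uint32_t cp)
{
    char tmp[MB_MAX]; size_t n;
    if (cp < 0x80) {
        tmp[0] = (char)cp; n = 1;
    } else if (cp < 0x800) {
        tmp[0] = (char)(0xC0 | (cp >> 6));
        tmp[1] = (char)(0x80 | (cp & 0x3F)); n = 2;
    } else if (cp < 0x10000) {
        if (cp >= 0xD800 && cp <= 0xDFFF) return -1;   /* lone surrogate */
        tmp[0] = (char)(0xE0 | (cp >> 12));
        tmp[1] = (char)(0x80 | ((cp >> 6) & 0x3F));
        tmp[2] = (char)(0x80 | (cp & 0x3F)); n = 3;
    } else if (cp <= 0x10FFFF) {
        tmp[0] = (char)(0xF0 | (cp >> 18));
        tmp[1] = (char)(0x80 | ((cp >> 12) & 0x3F));
        tmp[2] = (char)(0x80 | ((cp >> 6) & 0x3F));
        tmp[3] = (char)(0x80 | (cp & 0x3F)); n = 4;
    } else {
        return -1;
    }
    /* The check the report's patch amounts to: caller and callee must agree on
     * the buffer length before any byte lands on the caller's stack frame. */
    if (dst == NULL || n > dst_size) return -1;
    memcpy(dst, tmp, n);
    return (int)n;
}
/* Convert a zero-terminated code point string into `dst` without writing past
 * `dst_size` (NUL included). Returns bytes written excluding the NUL, or -1. */
int wcs_to_mbs_bounded(char *dst, size_t dst_size, const uint32_t *src)
{
    size_t used = 0;
    if (dst == NULL || dst_size == 0) return -1;
    for (; *src != 0; src++) {
        int n = wc_to_mb_bounded(dst + used, dst_size - used - 1, *src);
        if (n < 0) return -1;
        used += (size_t)n;
    }
    dst[used] = '\0';
    return (int)used;
}
```

With the size check in place, a caller that reserves fewer bytes than the callee's maximum gets -1 back instead of a stack overwrite that only the stack protector would catch.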