http://bugs.winehq.org/show_bug.cgi?id=20849
Summary: read buffer overflow in CRYPT_RemoveStringFromMultiString() triggered by crypt32/tests/oid.c
Product: Wine
Version: 1.1.33
Platform: PC
OS/Version: Linux
Status: NEW
Keywords: source, testcase
Severity: normal
Priority: P2
Component: crypt32
AssignedTo: wine-bugs@winehq.org
ReportedBy: dank@kegel.com

http://kegel.com/wine/valgrind/logs/2009-11-18-21.51/vg-crypt32_oid.txt says

 Invalid read of size 1
    at memmove (mc_replace_strmem.c:613)
    by CRYPT_RemoveStringFromMultiString (oid.c:885)
    by CryptUnregisterDefaultOIDFunction (oid.c:1010)
    by test_registerDefaultOIDFunction (oid.c:437)
    by func_oid (oid.c:601)
    by run_test (test.h:535)
    by main (test.h:585)
  Address 0x7f040ed4 is 0 bytes after a block of size 44 alloc'd
    at notify_alloc (heap.c:279)
    by RtlAllocateHeap (heap.c:1521)
    by CryptMemAlloc (main.c:125)
    by CRYPT_GetDefaultOIDDlls (oid.c:930)
    by CryptUnregisterDefaultOIDFunction (oid.c:1009)
    by test_registerDefaultOIDFunction (oid.c:437)

This is near the code changed in http://www.winehq.org/pipermail/wine-cvs/2009-November/061282.html
The error persists with the latest wine sources.