http://bugs.winehq.org/show_bug.cgi?id=20840
Summary: Read buffer overflow in RtlValidAcl?
Product: Wine
Version: 1.1.33
Platform: PC
OS/Version: Linux
Status: NEW
Keywords: download, source, testcase
Severity: normal
Priority: P2
Component: ntdll
AssignedTo: wine-bugs@winehq.org
ReportedBy: dank@kegel.com
CC: robertshearman@gmail.com

Valgrind complains in http://kegel.com/wine/valgrind/logs/2009-11-26-06.08/vg-advapi32_security.tx... that 'make test' has an error in advapi32/tests/security.c:

 Invalid read of size 2
    at RtlValidAcl (sec.c:1331)
    by IsValidAcl (security.c:1630)
    by test_GetSecurityInfo (security.c:3160)
  Address 0x7f03791e is 2 bytes after a block of size 116 alloc'd
    at notify_alloc (heap.c:247)
    by RtlAllocateHeap (heap.c:1695)
    by HeapAlloc (heap.c:276)
    by GlobalAlloc (heap.c:369)
    by LocalAlloc (heap.c:969)
    by GetSecurityInfo (security.c:3087)
    by test_GetSecurityInfo (security.c:3146)

The loop around line 1331 of advapi32/sec.c,
    for (i=0;i<=pAcl->AceCount;i++)
looks like it goes one further than most AceCount loops, could that be the problem?
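
An added example, not Wine's code and not part of the original report: a bounded ACL walk that visits exactly AceCount entries and checks that each ACE header lies inside AclSize before its size field is read. The struct definitions, acl_is_valid and build_acl are hypothetical names, and the sample ACLs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-ins for the Windows ACL and ACE_HEADER layouts. */
typedef struct { uint8_t AclRevision, Sbz1; uint16_t AclSize, AceCount, Sbz2; } acl_hdr;
typedef struct { uint8_t AceType, AceFlags; uint16_t AceSize; } ace_hdr;

/* Hypothetical helper: returns 1 if every ACE lies inside both the
 * allocation (buf_len) and the size the ACL claims (AclSize). */
int acl_is_valid(const uint8_t *buf, size_t buf_len)
{
    acl_hdr acl;
    size_t off = sizeof(acl_hdr);

    if (buf_len < sizeof(acl)) return 0;
    memcpy(&acl, buf, sizeof(acl));
    if (acl.AclSize < sizeof(acl) || acl.AclSize > buf_len) return 0;

    /* i < AceCount visits exactly AceCount entries. With i <= AceCount
     * the loop reads one more header, past the last ACE. */
    for (unsigned i = 0; i < acl.AceCount; i++) {
        ace_hdr ace;
        /* The header must fit before AceSize is read. */
        if (acl.AclSize - off < sizeof(ace)) return 0;
        memcpy(&ace, buf + off, sizeof(ace));
        if (ace.AceSize < sizeof(ace) || ace.AceSize > acl.AclSize - off) return 0;
        off += ace.AceSize;   /* off never exceeds AclSize */
    }
    return 1;
}

/* Constructed sample: header plus n_real 8-byte ACEs, claiming n_claimed. */
size_t build_acl(uint8_t *out, uint16_t n_real, uint16_t n_claimed)
{
    acl_hdr acl = { 2, 0, (uint16_t)(sizeof(acl_hdr) + 8 * n_real), n_claimed, 0 };
    memcpy(out, &acl, sizeof(acl));
    for (uint16_t i = 0; i < n_real; i++) {
        ace_hdr ace = { 0, 0, 8 };
        memset(out + sizeof(acl) + 8 * i, 0, 8);
        memcpy(out + sizeof(acl) + 8 * i, &ace, sizeof(ace));
    }
    return acl.AclSize;
}
```

With the per-entry bounds check in place, an AceCount that overstates the number of ACEs is rejected instead of being read past the end of the block.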