[Bug 57929] New: Illegal pointer may be dereferenced

8 Mar 2025


      https://bugs.winehq.org/show_bug.cgi?id=57929
Bug ID: 57929
           Summary: Illegal pointer may be dereferenced
           Product: Wine
           Version: unspecified
          Hardware: x86-64
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: win32u
          Assignee: wine-bugs@winehq.org
          Reporter: 1367173408@qq.com
      Distribution: ---
Created attachment 78182
  --> https://bugs.winehq.org/attachment.cgi?id=78182
execution trace
I have found a risk that an illegal pointer may be dereferenced.
At line 119 in file `dlls/win32u/ntgdi_private.h`, the function `pop_dc_driver`
may return NULL.
At line 750 in file `dlls/win32u/path.c`, the return value of `pop_dc_driver`,
which may be NULL, is used as a real argument of call for `pDeleteDC`
(`pathdrv_DeleteDC`).
Then, as shown by step 3 and 4 in the attached image, a illegal address may be
returned by function `get_path_physdev`, because `dev` is NULL value (0) and
`offsetof(type, field)` is subtracted from it.
Finally, as shown by step 5, the illegal pointer may be dereferenced, which may
cause unexpected application behavior or crashes.
-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

[Bug 57929] New: Illegal pointer may be dereferenced