https://bugs.winehq.org/show_bug.cgi?id=37953
            Bug ID: 37953
           Summary: stack overwrite in msvcrt functions
           Product: Wine
           Version: 1.7.34
          Hardware: x86
                OS: Linux
            Status: UNCONFIRMED
          Severity: major
          Priority: P2
         Component: msvcrt
          Assignee: wine-bugs@winehq.org
          Reporter: orion@cora.nwra.com
      Distribution: ---

Created attachment 50562
  --> https://bugs.winehq.org/attachment.cgi?id=50562
buffer length patch
On Fedora, which is compiled with -fstack-protector-strong, I was seeing:

trace:msvcrt:pf_printf_w Format is: L"\3577\6000\357e\6000\12d0\7704\eac4i\b53ci"
trace:msvcrt:_lock (29)
*** stack smashing detected ***: /export/home/orion/.wine/drive_c/Program Files/Adobe/Reader 10.0/Reader/AcroRd32.exe terminated
======= Backtrace: =========
/lib/libc.so.6(+0x4fd49ad9)[0xf73fdad9]
/lib/libc.so.6(__fortify_fail+0x37)[0xf749c3d7]
/lib/libc.so.6(+0x4fde839a)[0xf749c39a]
/lib/wine/msvcr90.dll.so(+0x893f4)[0xf6e423f4]
/lib/wine/msvcr90.dll.so(+0x453a5)[0xf6dfe3a5]
/lib/wine/msvcr90.dll.so(+0x4547f)[0xf6dfe47f]
/lib/wine/msvcr90.dll.so(+0x81e69)[0xf6e3ae69]
/lib/wine/msvcr90.dll.so(MSVCRT_vfwprintf_s+0x7e)[0xf6e00fae]
/lib/wine/msvcr90.dll.so(MSVCRT_vwprintf_s+0x35)[0xf6e01205]
/lib/wine/msvcr90.dll.so(MSVCRT_wprintf_s+0x28)[0xf6e01828]

The attached patch fixes this by synchronizing the expected buffer length for MSVCRT__wctomb().
Michael Cronenworth mike@cchtml.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mike@cchtml.com
Sebastian Lackner sebastian@fds-team.de changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sebastian@fds-team.de
--- Comment #1 from Austin English austinenglish@gmail.com ---
Patches should be sent to wine-patches@winehq.org, they aren't picked up from bugzilla.
See http://wiki.winehq.org/SubmittingPatches for more info.
--- Comment #2 from Orion Poplawski orion@cora.nwra.com ---
Okay, I've sent the patch there.
Piotr Caban piotr.caban@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
      Fixed by SHA1|                            |8bf17329625320b45d6742feed43771dd3306291
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |piotr.caban@gmail.com
         Resolution|---                         |FIXED

--- Comment #3 from Piotr Caban piotr.caban@gmail.com ---
The patch was committed. Marking as fixed.
Alexandre Julliard julliard@winehq.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #4 from Alexandre Julliard julliard@winehq.org ---
Closing bugs fixed in 1.7.36.