New subject: [Bug 20849] read buffer overflow in CRYPT_RemoveStringFromMultiString() triggered by crypt32/tests/oid.c

28 Nov 2009


      http://bugs.winehq.org/show_bug.cgi?id=20849
Summary: read buffer overflow in
                    CRYPT_RemoveStringFromMultiString() triggered by
                    crypt32/tests/oid.c
           Product: Wine
           Version: 1.1.33
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Keywords: source, testcase
          Severity: normal
          Priority: P2
         Component: crypt32
        AssignedTo: wine-bugs@winehq.org
        ReportedBy: dank@kegel.com
http://kegel.com/wine/valgrind/logs/2009-11-18-21.51/vg-crypt32_oid.txt
says
 Invalid read of size 1
   at  memmove (mc_replace_strmem.c:613)
   by  CRYPT_RemoveStringFromMultiString (oid.c:885)
   by  CryptUnregisterDefaultOIDFunction (oid.c:1010)
   by  test_registerDefaultOIDFunction (oid.c:437)
   by  func_oid (oid.c:601)
   by  run_test (test.h:535)
   by  main (test.h:585)
 Address 0x7f040ed4 is 0 bytes after a block of size 44 alloc'd
   at  notify_alloc (heap.c:279)
   by  RtlAllocateHeap (heap.c:1521)
   by  CryptMemAlloc (main.c:125)
   by  CRYPT_GetDefaultOIDDlls (oid.c:930)
   by  CryptUnregisterDefaultOIDFunction (oid.c:1009)
   by  test_registerDefaultOIDFunction (oid.c:437)
This is near the code changed in
  http://www.winehq.org/pipermail/wine-cvs/2009-November/061282.html
The error persists with the latest wine sources.
-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

[Bug 20849] New: read buffer overflow in CRYPT_RemoveStringFromMultiString() triggered by crypt32/tests/oid.c