http://bugs.winehq.org/show_bug.cgi?id=28796
Bug #: 28796
Summary: ntdll: read buffer overrun in lookup_manifest_file
Product: Wine
Version: 1.3.30
Platform: x86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ntdll
AssignedTo: wine-bugs@winehq.org
ReportedBy: dank@kegel.com
Classification: Unclassified

Running "make imagelist.ok" in comctl32, valgrind complains:

 Use of uninitialised value of size 4
    at tolowerW (unicode.h:123)
    by strcmpiW (string.c:32)
    by lookup_manifest_file (actctx.c:1880)
    by RtlCreateActivationContext (actctx.c:1945)
    by CreateActCtxW (actctx.c:127)
    by CreateActCtxA (actctx.c:105)
    by load_v6_module (v6util.h:126)
    by func_header (header.c:1846)
    by run_test (test.h:556)
    by main (test.h:624)
 Uninitialised value was created by a stack allocation
    at lookup_manifest_file (actctx.c:1822)

The code assumes incorrectly that FileName is nul-terminated. Patch sent, http://www.winehq.org/pipermail/wine-patches/2011-October/107899.html but rejected, so filing bug until I have a chance to look at it again.
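
The failure mode in this report is a NUL-terminated string compare run over a name that is only length-counted, so the compare walks into uninitialised stack bytes. The following is an added example, not Wine's code and not the committed fix; `struct dir_entry`, `counted_equals_nocase`, `demo` and the sample names are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
typedef uint16_t wchar16;   /* UTF-16 code unit */

/* Hypothetical record: name is counted in BYTES and is not NUL-terminated. */
struct dir_entry {
    uint32_t name_len;      /* valid bytes in name[] */
    wchar16  name[30];      /* anything past name_len is garbage */
};

static wchar16 lower16(wchar16 c)   /* ASCII-only folding, enough for the demo */
{
    return (c >= 'A' && c <= 'Z') ? (wchar16)(c + 32) : c;
}

/* Case-insensitive compare of a counted name with a NUL-terminated pattern.
 * Reads at most name_len bytes of name, never the bytes after it.
 * Returns 1 on match, 0 otherwise. */
static int counted_equals_nocase(const wchar16 *name, uint32_t name_len,
                                 const wchar16 *pattern)
{
    size_t n = name_len / sizeof(wchar16), i;
    for (i = 0; i < n; i++) {
        if (pattern[i] == 0) return 0;   /* pattern ends before the name does */
        if (lower16(name[i]) != lower16(pattern[i])) return 0;
    }
    return pattern[n] == 0;              /* pattern must end where the name ends */
}

static const wchar16 PAT_EXACT[] = {'f','o','o','.','m','a','n','i','f','e','s','t',0};
static const wchar16 PAT_SHORT[] = {'f','o','o',0};
static const wchar16 PAT_LONG[]  = {'f','o','o','.','m','a','n','i','f','e','s','t','s',0};

/* Constructed entry: the 0xAA fill stands in for uninitialised stack after the name. */
static int demo(const wchar16 *pattern)
{
    static const wchar16 stored[] = {'F','o','o','.','M','A','N','I','F','E','S','T'};
    struct dir_entry e;
    memset(&e, 0xAA, sizeof e);
    e.name_len = sizeof stored;
    memcpy(e.name, stored, sizeof stored);
    return counted_equals_nocase(e.name, e.name_len, pattern);
}

int main(void)
{
    return !(demo(PAT_EXACT) == 1 && demo(PAT_SHORT) == 0 && demo(PAT_LONG) == 0);
}
```

Because no terminator follows the stored name, a NUL-terminated compare on the same entry would keep reading the 0xAA fill, which is the kind of read valgrind flagged above.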
Austin English austinenglish@gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
      Fixed by SHA1|                            |3aed056b72697f6a0ac6884331f
                   |                            |896740093b513
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #1 from Austin English austinenglish@gmail.com 2011-10-19 14:11:05 CDT ---
Fixed by http://source.winehq.org/git/wine.git/commitdiff/3aed056b72697f6a0ac6884331f...

Alexandre Julliard julliard@winehq.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #2 from Alexandre Julliard julliard@winehq.org 2011-10-21 13:50:09 CDT ---
Closing bugs fixed in 1.3.31.