http://bugs.winehq.org/show_bug.cgi?id=20840
Summary: Read buffer overflow in RtlValidAcl?
Product: Wine
Version: 1.1.33
Platform: PC
OS/Version: Linux
Status: NEW
Keywords: download, source, testcase
Severity: normal
Priority: P2
Component: ntdll
AssignedTo: wine-bugs@winehq.org
ReportedBy: dank@kegel.com
CC: robertshearman@gmail.com

Valgrind complains in
http://kegel.com/wine/valgrind/logs/2009-11-26-06.08/vg-advapi32_security.tx...
that 'make test' has an error in advapi32/tests/security.c:

 Invalid read of size 2
    at RtlValidAcl (sec.c:1331)
    by IsValidAcl (security.c:1630)
    by test_GetSecurityInfo (security.c:3160)
 Address 0x7f03791e is 2 bytes after a block of size 116 alloc'd
    at notify_alloc (heap.c:247)
    by RtlAllocateHeap (heap.c:1695)
    by HeapAlloc (heap.c:276)
    by GlobalAlloc (heap.c:369)
    by LocalAlloc (heap.c:969)
    by GetSecurityInfo (security.c:3087)
    by test_GetSecurityInfo (security.c:3146)

The loop around line 1331 of advapi32/sec.c,
    for (i=0;i<=pAcl->AceCount;i++)
looks like it goes one further than most AceCount loops; could that be the problem?
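
A bounds-checked ACE walk, as an added example that is not Wine's code and not the fix in the commit referenced in this thread. The structures are simplified stand-ins for ACL and ACE_HEADER, and acl_is_valid, build_sample_acl and demo are hypothetical names. It iterates with i < AceCount and checks every ACE header against AclSize before reading it, so an inflated count is rejected instead of being read past the allocation.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified stand-ins (assumption) for the ACL and ACE_HEADER layouts. */
typedef struct { uint8_t AclRevision, Sbz1; uint16_t AclSize, AceCount, Sbz2; } acl_hdr; /* 8 bytes */
typedef struct { uint8_t AceType, AceFlags; uint16_t AceSize; } ace_hdr;                 /* 4 bytes */

/* Returns 1 if all AceCount ACEs lie inside AclSize and inside the caller's
 * allocation (buf_len), 0 otherwise. Never reads at or beyond buf + buf_len. */
int acl_is_valid(const uint8_t *buf, size_t buf_len)
{
    acl_hdr acl;
    ace_hdr ace;
    size_t off = sizeof(acl);
    unsigned i;

    if (buf_len < sizeof(acl)) return 0;
    memcpy(&acl, buf, sizeof(acl));
    if (acl.AclSize < sizeof(acl) || acl.AclSize > buf_len) return 0;

    for (i = 0; i < acl.AceCount; i++) {               /* '<', not '<=' */
        if (acl.AclSize - off < sizeof(ace)) return 0; /* header must fit before it is read */
        memcpy(&ace, buf + off, sizeof(ace));
        if (ace.AceSize < sizeof(ace) || ace.AceSize > acl.AclSize - off) return 0;
        off += ace.AceSize;                            /* invariant: off <= AclSize */
    }
    return 1;
}

/* Constructed sample: two 20-byte ACEs exactly filling a 48-byte ACL, with the
 * header's AceCount set to 'claimed'. Returns the number of bytes written. */
size_t build_sample_acl(uint8_t *buf, uint16_t claimed)
{
    acl_hdr acl = { 2, 0, 8 + 2 * 20, claimed, 0 };
    ace_hdr ace = { 0, 0, 20 };
    memset(buf, 0, acl.AclSize);
    memcpy(buf, &acl, sizeof(acl));
    memcpy(buf + 8, &ace, sizeof(ace));
    memcpy(buf + 28, &ace, sizeof(ace));
    return acl.AclSize;
}

int demo(uint16_t claimed)
{
    uint8_t buf[48];                                   /* exact-size allocation */
    return acl_is_valid(buf, build_sample_acl(buf, claimed));
}

int main(void) { return !(demo(2) == 1 && demo(3) == 0); }
```
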
Nikolay Sivov bunglehead@gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #1 from Nikolay Sivov bunglehead@gmail.com 2010-01-08 12:16:04 ---
This is fixed by commit f2f50f18dc1a6fab7a0ec68d8e8764e0f3399481.

Jeff Zaroyko jeffz@jeffz.name changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #2 from Jeff Zaroyko jeffz@jeffz.name 2010-01-09 04:47:25 ---
Closing bugs fixed in 1.1.36.