Module: wine Branch: master Commit: 956eea6b3100be81aa8dba5ef34ce9c8e0ed7214 URL: http://source.winehq.org/git/wine.git/?a=commit;h=956eea6b3100be81aa8dba5ef3...
Author: Jacek Caban jacek@codeweavers.com Date: Fri Aug 14 19:25:57 2009 +0200
dbghelp: Fixed buffer overflow in stabs_parse.
---
dlls/dbghelp/stabs.c | 28 +++++++++++++++++++--------- 1 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/dlls/dbghelp/stabs.c b/dlls/dbghelp/stabs.c
index 348a7aa..33b815a 100644
--- a/dlls/dbghelp/stabs.c
+++ b/dlls/dbghelp/stabs.c
@@ -1258,6 +1258,21 @@ static void stabs_finalize_function(struct module* module, struct symt_function*
 if (size) func->size = size;
 }
+static inline void stabbuf_append(char **buf, unsigned *buf_size, const char *str)
+{
+ unsigned str_len, buf_len;
+
+ str_len = strlen(str);
+ buf_len = strlen(*buf);
+
+ if(str_len+buf_len >= *buf_size) {
+ *buf_size += buf_len + str_len;
+ *buf = HeapReAlloc(GetProcessHeap(), 0, *buf, *buf_size);
+ }
+
+ strcpy(*buf+buf_len, str);
+}
+
 BOOL stabs_parse(struct module* module, unsigned long load_offset,
 const void* pv_stab_ptr, int stablen,
 const char* strs, int strtablen,
@@ -1317,18 +1332,12 @@ BOOL stabs_parse(struct module* module, unsigned long load_offset,
 * next record. Repeat the process until we find a stab without the
 * '/' character, as this indicates we have the whole thing.
 */
- unsigned len = strlen(ptr);
- if (strlen(stabbuff) + len > stabbufflen)
- {
- stabbufflen *= 2;
- stabbuff = HeapReAlloc(GetProcessHeap(), 0, stabbuff, stabbufflen);
- }
- strncat(stabbuff, ptr, len - 1);
+ stabbuf_append(&stabbuff, &stabbufflen, ptr);
 continue;
 }
 else if (stabbuff[0] != '\0')
 {
- strcat(stabbuff, ptr);
+ stabbuf_append(&stabbuff, &stabbufflen, ptr);
 ptr = stabbuff;
 }
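Review bot: The `HeapReAlloc` result in `stabbuf_append` is stored straight into `*buf` with no NULL check, so when the allocation fails the original block is leaked and the following `strcpy(*buf+buf_len, str)` writes through a near-NULL pointer. The string lengths come from the stab data of the module being parsed, so the size requested here is driven by file content, and all three call sites in stabs_parse inherit the problem. Separately, the grown size `*buf_size + buf_len + str_len` leaves room for the terminator only if `*buf_size` was already non-zero; the initial value of `stabbufflen` is outside the hunk, so adding 1 is cheap insurance. The helper would have to report failure so that stabs_parse can stop parsing, roughly as sketched below.

```c
static inline BOOL stabbuf_append(char **buf, unsigned *buf_size, const char *str)
{
    /* … unchanged: str_len / buf_len computation … */

    if(str_len+buf_len >= *buf_size) {
        unsigned new_size = *buf_size + buf_len + str_len + 1;
        char *new_buf = HeapReAlloc(GetProcessHeap(), 0, *buf, new_size);

        /* On failure the old block is still valid and still owned by the caller. */
        if(!new_buf) return FALSE;
        *buf = new_buf;
        *buf_size = new_size;
    }

    strcpy(*buf+buf_len, str);
    return TRUE;
}
```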
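Review bot: The first replaced call in this hunk no longer drops the last character of `ptr`. The removed code appended with `strncat(stabbuff, ptr, len - 1)`, whereas `stabbuf_append(&stabbuff, &stabbufflen, ptr)` copies the whole string, so the trailing character that presumably marked the continuation now stays in the middle of the joined stab. The test that detects a continuation sits above the hunk, so this is inferred from the removed line only. If keeping the character is intended, a one-line comment saying so would help; otherwise strip it before the call, or give the helper a length parameter.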
@@ -1355,7 +1364,8 @@ BOOL stabs_parse(struct module* module, unsigned long load_offset,
 */
 if (ptr != stabbuff)
 {
- strcpy(stabbuff, ptr);
+ stabbuff[0] = 0;
+ stabbuf_append(&stabbuff, &stabbufflen, ptr);
 ptr = stabbuff;
 }
 stab_strcpy(symname, sizeof(symname), ptr);