Module: wine Branch: master Commit: 96b6e1d77cbcd4c7daa36fb010ed64fbae0694f3 URL: https://source.winehq.org/git/wine.git/?a=commit;h=96b6e1d77cbcd4c7daa36fb01...
Author: Jeff Smith whydoubt@gmail.com Date: Thu Nov 21 07:04:21 2019 -0600
msvcrt: Range-check fields used as array indices in _Strftime.
Signed-off-by: Jeff Smith whydoubt@gmail.com Signed-off-by: Piotr Caban piotr@codeweavers.com Signed-off-by: Alexandre Julliard julliard@winehq.org
---
dlls/msvcrt/time.c | 16 ++++++++++++++++
dlls/ucrtbase/tests/misc.c | 2 ++
2 files changed, 18 insertions(+)
diff --git a/dlls/msvcrt/time.c b/dlls/msvcrt/time.c
index ec728a1a30..68784db861 100644
--- a/dlls/msvcrt/time.c
+++ b/dlls/msvcrt/time.c
@@ -1076,6 +1076,14 @@ static inline BOOL strftime_format(STRFTIME_CHAR *str, MSVCRT_size_t *pos, MSVCR
 if(format[count] == ''') count++;
 break;
 case 'd':
+ if(count > 2)
+ {
+ if(!MSVCRT_CHECK_PMT(mstm->tm_wday>=0 && mstm->tm_wday<=6))
+ {
+ *str = 0;
+ return FALSE;
+ }
+ }
 switch(count) {
 case 1:
 case 2:
@@ -1092,6 +1100,14 @@ static inline BOOL strftime_format(STRFTIME_CHAR *str, MSVCRT_size_t *pos, MSVCR
 }
 break;
 case 'M':
+ if(count > 2)
+ {
+ if(!MSVCRT_CHECK_PMT(mstm->tm_mon>=0 && mstm->tm_mon<=11))
+ {
+ *str = 0;
+ return FALSE;
+ }
+ }
 switch(count) {
 case 1:
 case 2:
diff --git a/dlls/ucrtbase/tests/misc.c b/dlls/ucrtbase/tests/misc.c
index ca4e16c9fa..bc667382e9 100644
--- a/dlls/ucrtbase/tests/misc.c
+++ b/dlls/ucrtbase/tests/misc.c
@@ -1000,6 +1000,8 @@ static void test_strftime(void)
 {"%x", "02/30/70", { 0, 0, 0, 30, 1, 70, 4, 0, 0 }},
 {"%#x", "Thursday, January 01, 1970", { 0, 0, 0, 1, 0, 70, 4, 0, 0 }},
 {"%#x", "Thursday, February 30, 1970", { 0, 0, 0, 30, 1, 70, 4, 0, 0 }},
+ {"%#x", "", { 0, 0, 0, 30, 1, 70, 7, 0, 0 }},
+ {"%#x", "", { 0, 0, 0, 30, 12, 70, 4, 0, 0 }},
 {"%X", "00:00:00", { 0, 0, 0, 1, 0, 70, 4, 0, 0 }},
 {"%X", "14:00:00", { 0, 0, 14, 1, 0, 70, 4, 0, 0 }},
 {"%X", "23:59:60", { 60, 59, 23, 1, 0, 70, 4, 0, 0 }, TRUE},
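Review bot: The `tm_wday` range check added under `case 'd':` is gated on `count > 2` without saying why, and the `tm_mon` check under `case 'M':` has the same gap. Presumably only the three- and four-letter forms use the field as an index into the locale name tables while the shorter forms print a number, but the `switch(count)` bodies lie outside both hunks, so this should be confirmed and recorded in a comment such as `/* ddd and dddd index the weekday name arrays with tm_wday */`. Without it, a later format case that reuses the field as an index could skip the bound and read outside the table. The nested `if` can also be folded into one condition, `if(count > 2 && !MSVCRT_CHECK_PMT(mstm->tm_wday>=0 && mstm->tm_wday<=6))`. strftime_format starts and ends outside the hunks.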
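Review bot: The two added `%#x` rows exercise only the upper bounds (`tm_wday` 7 and `tm_mon` 12), while the new checks in time.c also reject negative values, which would index before the start of the name table. Rows such as `{"%#x", "", { 0, 0, 0, 30, 1, 70, -1, 0, 0 }},` and `{"%#x", "", { 0, 0, 0, 30, -1, 70, 4, 0, 0 }},` would pin the lower bound, assuming native ucrtbase rejects them the same way. The table and test_strftime continue outside the hunk.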