Module: wine Branch: stable Commit: 98827fd7aeb19f810bec5cc2ddb08ea5efe99e49 URL: https://gitlab.winehq.org/wine/wine/-/commit/98827fd7aeb19f810bec5cc2ddb08ea...
Author: Paul Gofman pgofman@codeweavers.com Date: Fri Apr 21 19:19:20 2023 -0600
ntdll: Avoid integer overflow in block_get_subheap().
(cherry picked from commit 27c4c64c367f47fe7914c5c87596e6cf3501dbd6)
---
dlls/ntdll/heap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dlls/ntdll/heap.c b/dlls/ntdll/heap.c index aafbbd0f523..e71c11506de 100644 --- a/dlls/ntdll/heap.c +++ b/dlls/ntdll/heap.c @@ -260,7 +260,7 @@ static inline void block_set_type( struct block *block, UINT type ) static inline SUBHEAP *block_get_subheap( const struct heap *heap, const struct block *block ) { char *offset = ROUND_ADDR( block, REGION_ALIGN - 1 ); - void *base = offset - block->base_offset * REGION_ALIGN; + void *base = offset - (SIZE_T)block->base_offset * REGION_ALIGN; if (base != (void *)heap) return base; else return (SUBHEAP *)&heap->subheap; }