On Tue, Sep 21, 2010 at 08:34:33AM +0100, Reece Dunn wrote:
> On 20 September 2010 17:51, Mike Frysinger <vapier@gentoo.org> wrote:
>> Well, I don't think this issue is limited to shell32. It's just the only one to hit it atm. What about my other patch I posted?
>> http://www.winehq.org/pipermail/wine-patches/2010-September/093377.html
>
> How does fortify work?

It detects the structure size.

> See http://blogs.msdn.com/b/oldnewthing/archive/2004/08/26/220873.aspx for information on how to allocate these structures. Specifically:
>
>     PTOKEN_GROUPS TokenGroups = malloc(FIELD_OFFSET(TOKEN_GROUPS,
>                                                     Groups[NumberOfGroups]));
>
> The article explains that:
>
>     PTOKEN_GROUPS TokenGroups = malloc(sizeof(TOKEN_GROUPS) +
>                                        NumberOfGroups * sizeof(SID_AND_ATTRIBUTES));
>
> crashes on 64-bit platforms with STATUS_DATATYPE_MISALIGNMENT due to the data being placed on a 4-byte, not 8-byte, boundary.
>
> Is the shell32 code running into something similar -- that is, are the calculations for the allocated memory blocks using these ANYSIZE_ARRAY structures wrong?

No, it's just that the structure is embedded in another structure, and gcc 4.5 only looks at the size of the inner structure for these variable arrays, and so does not see that it is allocated large enough.
(It is kinda in a gray area, but I am tending towards gcc being a bit wrong.)
Ciao, Marcus
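The two allocation idioms Reece quotes, and the embedded-structure case Marcus describes, worked through as an added example (this is not code from the thread or from Wine). It builds on any host by defining stand-in DWORD/PSID/TOKEN_GROUPS types with the same layout as the Win32 ones; the WRAPPED_GROUPS outer structure, the token_groups_* helper names and the explicit per-element bounds check are assumptions made for illustration, not anything shell32 does. The point it shows is that FIELD_OFFSET(type, Array[n]) gives exactly the bytes needed, sizeof-based arithmetic overallocates by one element because sizeof already contains Groups[0], and when the ANYSIZE_ARRAY structure is the last member of an outer structure the right size is FIELD_OFFSET over the outer type, which is larger than sizeof(inner) even though the inner type is all a fortify check would see.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-ins for the Win32 types so this compiles on a non-Windows host
 * (constructed for this example; same field order and widths as Win32). */
typedef uint32_t DWORD;
typedef void *PSID;
#define ANYSIZE_ARRAY 1

typedef struct {
    PSID  Sid;
    DWORD Attributes;
} SID_AND_ATTRIBUTES;

typedef struct {
    DWORD              GroupCount;
    SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];   /* really GroupCount entries */
} TOKEN_GROUPS;

/* Same definition as the Win32 FIELD_OFFSET macro. */
#define FIELD_OFFSET(type, field) ((size_t)offsetof(type, field))

/* Correct size: everything up to and including Groups[n-1]. */
size_t token_groups_size(size_t n)
{
    return FIELD_OFFSET(TOKEN_GROUPS, Groups[n]);
}

/* The mistake the Old New Thing article warns about: sizeof(TOKEN_GROUPS)
 * already includes Groups[0] (and any tail padding), so this is one element
 * larger than needed. */
size_t naive_size(size_t n)
{
    return sizeof(TOKEN_GROUPS) + n * sizeof(SID_AND_ATTRIBUTES);
}

/* How many Groups entries fit in an allocation of total_bytes. Useful when
 * validating a TOKEN_GROUPS handed to you with a byte length. */
size_t token_groups_capacity(size_t total_bytes)
{
    if (total_bytes < FIELD_OFFSET(TOKEN_GROUPS, Groups)) return 0;
    return (total_bytes - FIELD_OFFSET(TOKEN_GROUPS, Groups)) / sizeof(SID_AND_ATTRIBUTES);
}

/* The situation Marcus describes: the ANYSIZE_ARRAY structure embedded as the
 * LAST member of another structure (hypothetical outer type). The allocation
 * must be sized from the outer type; sizeof(TOKEN_GROUPS) alone says nothing
 * about how much room Inner.Groups really has. */
typedef struct {
    DWORD        Flags;
    TOKEN_GROUPS Inner;
} WRAPPED_GROUPS;

size_t wrapped_size(size_t n)
{
    return FIELD_OFFSET(WRAPPED_GROUPS, Inner.Groups[n]);
}

/* Allocate with FIELD_OFFSET and fill n entries, checking every write against
 * the real allocation size instead of trusting sizeof(TOKEN_GROUPS).
 * Indexing Groups[i] for i >= 1 relies on the trailing-array convention the
 * Win32 headers use; it is the gray area the thread mentions. */
TOKEN_GROUPS *token_groups_alloc(size_t n)
{
    size_t size = token_groups_size(n);
    TOKEN_GROUPS *tg = malloc(size);
    if (!tg) return NULL;
    tg->GroupCount = (DWORD)n;
    for (size_t i = 0; i < n; i++) {
        if (token_groups_size(i + 1) > size) {   /* element i would end past the block */
            free(tg);
            return NULL;
        }
        tg->Groups[i].Sid = NULL;
        tg->Groups[i].Attributes = (DWORD)(i + 1);
    }
    return tg;
}

/* Allocate, fill, read back and free; returns 1 if every entry round-trips. */
int token_groups_roundtrip(size_t n)
{
    TOKEN_GROUPS *tg = token_groups_alloc(n);
    if (!tg || tg->GroupCount != n) { free(tg); return 0; }
    int ok = 1;
    for (size_t i = 0; i < n; i++)
        if (tg->Groups[i].Attributes != (DWORD)(i + 1)) ok = 0;
    free(tg);
    return ok;
}

int main(void)
{
    size_t n = 4;
    printf("FIELD_OFFSET size for %zu groups: %zu bytes\n", n, token_groups_size(n));
    printf("sizeof-based size for %zu groups:  %zu bytes (one element too many)\n", n, naive_size(n));
    printf("sizeof(TOKEN_GROUPS) = %zu, but wrapped allocation for %zu groups = %zu\n",
           sizeof(TOKEN_GROUPS), n, wrapped_size(n));
    return token_groups_roundtrip(n) ? 0 : 1;
}
```

The difference between the two sizes is exactly one SID_AND_ATTRIBUTES on both 32- and 64-bit, because TOKEN_GROUPS has no tail padding; token_groups_capacity() on the naive size therefore reports one more entry than was asked for, which is the harmless direction of the error. The wrapped case is the one worth remembering from this thread: the bytes available for Inner.Groups are determined by the outer allocation, so a check that only consults sizeof(TOKEN_GROUPS) is looking at the wrong object.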