[PATCH 9/9] programs/winedbg: protect fetch_float() in CPU backends against buffer overflow

Signed-off-by: Eric Pouech eric.pouech@gmail.com

--- programs/winedbg/be_arm.c | 1 + programs/winedbg/be_arm64.c | 1 + programs/winedbg/be_i386.c | 1 + programs/winedbg/be_x86_64.c | 1 + 4 files changed, 4 insertions(+)

diff --git a/programs/winedbg/be_arm.c b/programs/winedbg/be_arm.c index 3bf5771439c..451eb50e772 100644 --- a/programs/winedbg/be_arm.c +++ b/programs/winedbg/be_arm.c @@ -1859,6 +1859,7 @@ static BOOL be_arm_fetch_float(const struct dbg_lvalue* lvalue, unsigned size, d /* FIXME: this assumes that debuggee and debugger use the same * representation for reals */ + if (size > sizeof(tmp)) return FALSE; if (!memory_read_value(lvalue, size, tmp)) return FALSE;

if (size == sizeof(float)) *ret = *(float*)tmp; diff --git a/programs/winedbg/be_arm64.c b/programs/winedbg/be_arm64.c index d7611ba75de..aaf6ecf0bb6 100644 --- a/programs/winedbg/be_arm64.c +++ b/programs/winedbg/be_arm64.c @@ -256,6 +256,7 @@ static BOOL be_arm64_fetch_float(const struct dbg_lvalue* lvalue, unsigned size, /* FIXME: this assumes that debuggee and debugger use the same * representation for reals */ + if (size > sizeof(tmp)) return FALSE; if (!memory_read_value(lvalue, size, tmp)) return FALSE;

if (size == sizeof(float)) *ret = *(float*)tmp; diff --git a/programs/winedbg/be_i386.c b/programs/winedbg/be_i386.c index e7a1dd9d460..3bb7b9b4240 100644 --- a/programs/winedbg/be_i386.c +++ b/programs/winedbg/be_i386.c @@ -805,6 +805,7 @@ static BOOL be_i386_fetch_float(const struct dbg_lvalue* lvalue, unsigned size, /* FIXME: this assumes that debuggee and debugger use the same * representation for reals */ + if (size > sizeof(tmp)) return FALSE; if (!memory_read_value(lvalue, size, tmp)) return FALSE;

if (size == sizeof(float)) *ret = *(float*)tmp; diff --git a/programs/winedbg/be_x86_64.c b/programs/winedbg/be_x86_64.c index 4920bf2d0ca..45c01a70594 100644 --- a/programs/winedbg/be_x86_64.c +++ b/programs/winedbg/be_x86_64.c @@ -727,6 +727,7 @@ static BOOL be_x86_64_fetch_float(const struct dbg_lvalue* lvalue, unsigned size /* FIXME: this assumes that debuggee and debugger use the same * representation for reals */ + if (size > sizeof(tmp)) return FALSE; if (!memory_read_value(lvalue, size, tmp)) return FALSE;

if (size == sizeof(float)) *ret = *(float*)tmp;