Michael Günnewig wrote:
Changelog: Fixed use of uninitialized memory and wrong buffer size (found by valgrind).
Michael
--- dlls/avifil32/api.c.SAV 2003-09-20 16:14:45.000000000 +0200 +++ dlls/avifil32/api.c 2003-09-20 14:46:10.000000000 +0200 @@ -1009,7 +1009,7 @@ szFilter[0] = 0; szFilter[1] = 0;
- wszFilter = (LPWSTR)GlobalAllocPtr(GHND, cbFilter);
- wszFilter = (LPWSTR)GlobalAllocPtr(GHND, cbFilter * sizeof(WCHAR)); if (wszFilter == NULL) return AVIERR_MEMORY;
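Review bot: as rendered, both GlobalAllocPtr lines in this hunk carry a `-` prefix, so the hunk removes the old call twice and adds nothing; the line `wszFilter = (LPWSTR)GlobalAllocPtr(GHND, cbFilter * sizeof(WCHAR));`, which is the "wrong buffersize" fix the changelog refers to, needs the `+` prefix. The multiplication is also only right if cbFilter counts WCHARs rather than bytes, and the hunk's context lines do not show its declaration; a word in the changelog saying which would help, since a signed character count bounds the product while an unsigned or byte count could wrap.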
What are we doing to prevent integer overflow on these allocations? Shouldn't we, perhaps, use some wrapper that checks that "cbFilter*sizeof(WCHAR)" is not greater than "MAXINT"?
Shachar
Shachar Shemesh wine-devel@shemesh.biz writes:
Michael Günnewig wrote:
Changelog: Fixed use of uninitialized memory and wrong buffer size (found by valgrind).
...
What are we doing to prevent integer overflow on these allocations? Shouldn't we, perhaps, use some wrapper that checks that "cbFilter*sizeof(WCHAR)" is not greater than "MAXINT"?
It's a point, so here is the new patch.
Michael
MichaelGuennewig@gmx.de (Michael Günnewig) writes:
It's a point, so here is the new patch.
I don't think we need to check string sizes against MAXINT; that's just a waste of time. Also, please don't add memsets to fix valgrind complaints; the bugs need to be fixed properly, not just hidden by clearing everything.
Alexandre Julliard julliard@winehq.org writes:
MichaelGuennewig@gmx.de (Michael Günnewig) writes:
It's a point, so here is the new patch.
I don't think we need to check string sizes against MAXINT; that's just a waste of time.
Okay, you're correct; the check isn't necessary, as MAXINT * 2 is MAXUINT - 1 and the size parameter of GlobalAlloc is unsigned.
But the * sizeof(WCHAR) in the GlobalAlloc call is necessary to avoid possible memory corruption because of buffer overruns. So here it is.
Michael
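As an added example, not code from this thread or from Wine: a checked size-multiplication wrapper of the kind Shachar suggests, placed beside the bound Michael's last reply relies on, so both sides of the exchange can be tried. The Win32 types are stand-ins (assumed 32-bit LONG, 32-bit unsigned allocation size and 16-bit WCHAR, i.e. the 32-bit layout the MAXINT * 2 == MAXUINT - 1 reasoning assumes); every function name below is hypothetical.

```c
/* Added example, not Wine code. Stand-ins for the Win32 types in the patch:
 * assumption: 32-bit LONG, 32-bit unsigned size parameter, 16-bit WCHAR. */
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef uint16_t WCHAR;
typedef int32_t  LONG;
typedef uint32_t ALLOC_SIZE;   /* hypothetical: the unsigned size type of the allocator */

/* The wrapper Shachar asks for: stores count * elem in *out and returns true
 * when the product fits an ALLOC_SIZE, returns false instead of wrapping. */
bool checked_mul_alloc_size(ALLOC_SIZE count, ALLOC_SIZE elem, ALLOC_SIZE *out)
{
    if (elem != 0 && count > (ALLOC_SIZE)-1 / elem)
        return false;                       /* would wrap modulo 2^32 */
    *out = count * elem;
    return true;
}

/* Unchecked product, to show what the wrap looks like: a count of 0x80000000
 * WCHARs yields 0 bytes, so the buffer is far too small and later writes
 * overrun it (the memory corruption the thread is about). */
ALLOC_SIZE unchecked_wchar_bytes(ALLOC_SIZE count)
{
    return count * (ALLOC_SIZE)sizeof(WCHAR);
}

/* The allocation from the patch with the count validated first. A negative
 * LONG would convert to a huge unsigned value, so it is rejected up front;
 * the multiply is then checked as well. calloc stands in for GHND (zeroed). */
WCHAR *alloc_wchar_buffer(LONG count)
{
    ALLOC_SIZE bytes;
    if (count <= 0)
        return NULL;
    if (!checked_mul_alloc_size((ALLOC_SIZE)count, sizeof(WCHAR), &bytes))
        return NULL;
    return calloc(1, bytes);
}

/* Michael's bound: the largest 32-bit signed count times sizeof(WCHAR) is
 * MAXUINT - 1, which still fits the unsigned size parameter, so for a LONG
 * count the overflow check can never fire. Returns true if that holds. */
bool long_times_wchar_fits(void)
{
    ALLOC_SIZE bytes;
    return checked_mul_alloc_size((ALLOC_SIZE)INT32_MAX, sizeof(WCHAR), &bytes)
           && bytes == (ALLOC_SIZE)-1 - 1u;
}

/* Where the bound stops applying: an unsigned (e.g. 32-bit size_t) count
 * above INT32_MAX does wrap, which is why the check matters if the count's
 * type ever changes. Returns true when the product would overflow. */
bool unsigned_count_times_wchar_overflows(ALLOC_SIZE count)
{
    ALLOC_SIZE bytes;
    return !checked_mul_alloc_size(count, sizeof(WCHAR), &bytes);
}

int main(void)
{
    printf("INT32_MAX * sizeof(WCHAR) fits: %s\n", long_times_wchar_fits() ? "yes" : "no");
    printf("0x80000000 * sizeof(WCHAR) unchecked = %u\n", unchecked_wchar_bytes(0x80000000u));
    printf("0x80000000 * sizeof(WCHAR) overflows: %s\n",
           unsigned_count_times_wchar_overflows(0x80000000u) ? "yes" : "no");
    WCHAR *buf = alloc_wchar_buffer(16);
    printf("alloc_wchar_buffer(16): %s\n", buf ? "ok" : "NULL");
    free(buf);
    return 0;
}
```

The point the two helpers make together: Michael's argument is about the type of cbFilter, not about the multiplication in general. With a signed 32-bit count the product cannot exceed the unsigned range, so the check is dead code; with an unsigned or a 64-bit-to-32-bit narrowed count it is the only thing standing between a wrapped size and a heap overrun.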