Re: [PATCH v5 0/4] MR406: win32u: Introduce new add_modes device manager callback.

1 Aug 2022


      Zhiyi Zhang (@zhiyi) commented about dlls/win32u/sysparams.c:
...
#undef query_mode_field

ret = query_reg_value( hkey, driver_extraW, value, sizeof(value_buf) ) &&
     value->Type == REG_BINARY;


if (ret && value->DataLength <= mode->dmDriverExtra)
   memcpy( mode + 1, value->Data, mode->dmDriverExtra );


Hi, R��mi. This is causing a new Coverity report. In NtUserChangeDisplaySettings(), default_mode is passed to read_registry_settings(), which eventually calls read_adapter_mode() and then writes to the mode + 1. This is out of bound access because default_mode is not an array. I think the correct fix is to not set dmDriverExtra for ENUM_REGISTRY_SETTINGS.
-- 
https://gitlab.winehq.org/wine/wine/-/merge_requests/406#note_5410

2025

2024

2023

2022

Re: [PATCH v5 0/4] MR406: win32u: Introduce new add_modes device manager callback.