25 Mar
2024
25 Mar
'24
2:44 p.m.
Zhiyi Zhang (@zhiyi) commented about dlls/win32u/sysparams.c:
if (!desc->pAdapters) {
desc->NumAdapters = max_adapters;
desc->NumAdapters = ARRAY_SIZE(current_gpus); return STATUS_SUCCESS;}
if (!lock_display_devices()) return STATUS_UNSUCCESSFUL;
- if ((count = list_count( &gpus )) > max_adapters)
- LIST_FOR_EACH_ENTRY( gpu, &gpus, struct gpu, entry ) {
WARN( "Too many adapters (%u), only up to %u can be enumerated.\n",(unsigned int)count, (unsigned int)max_adapters );count = max_adapters;
if (count++ >= ARRAY_SIZE(current_gpus))
So when count reaches 34 and breaks out of the loop, count will then become 35. Then you will read/write current_gpus out of bounds. Check count before increasing it.