Jacek Caban (@jacek) commented about dlls/kernelbase/path.c:
INT ih; WCHAR buf[5] = L"0x";
memcpy(buf + 2, src + 1, 2*sizeof(WCHAR)); buf[4] = 0; StrToIntExW(buf, STIF_SUPPORT_HEX, &ih);
next = (WCHAR) ih; src += 2; /* Advance to end of escape */
if (flags & URL_UNESCAPE_AS_UTF8)
{
utf8_buf[0] = ih;
utf8_len = get_utf8_len(ih);
for (i = 1; i < utf8_len; i++)
{
memcpy(buf + 2, src + 2, 2 * sizeof(WCHAR));
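Review bot: The memcpy on the last line of the loop reads src[2] and src[3] before anything has confirmed those characters exist; after `src += 2` the pointer sits on the last hex digit of the first escape, so if the string ends there (src[1] being the terminator) the read runs past the end of the input buffer, and the same applies if src[1] is not the '%' of a following escape. Move the termination/format check ahead of the copy, i.e. verify `src[1] == '%'` and that src[2] and src[3] are non-null hex digits, and leave the loop (falling back to emitting the bytes decoded so far) when that fails, rather than checking only after the bytes have been copied into buf. Separately, the return value of `StrToIntExW(buf, STIF_SUPPORT_HEX, &ih)` is ignored, so when the two characters after '%' are not hex digits `ih` is used without having been set; testing that return value would also cover the "%xx" sequences that are not escapes.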
At this point, for all you know src[1], src[2] and src[3] may be null bytes. The check below is too late, this memcpy potentially reads bytes after buffer end.