ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

winedbg: Protect fetch_float() in CPU backends against buffer overflow. 

Signed-off-by: Eric Pouech <eric.pouech@gmail.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
This commit is contained in:
Eric Pouech 2021-11-26 17:30:58 +01:00 committed by Alexandre Julliard
parent 0ed49fabc3
commit 6cee83a665
4 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
programs/winedbg/be_arm.c
View File

@ -1859,6 +1859,7 @@ static BOOL be_arm_fetch_float(const struct dbg_lvalue* lvalue, unsigned size, d
/* FIXME: this assumes that debuggee and debugger use the same
* representation for reals
*/
if (size > sizeof(tmp)) return FALSE;
if (!memory_read_value(lvalue, size, tmp)) return FALSE;
if (size == sizeof(float)) *ret = *(float*)tmp;

1
programs/winedbg/be_arm64.c
View File

@ -256,6 +256,7 @@ static BOOL be_arm64_fetch_float(const struct dbg_lvalue* lvalue, unsigned size,
/* FIXME: this assumes that debuggee and debugger use the same
* representation for reals
*/
if (size > sizeof(tmp)) return FALSE;
if (!memory_read_value(lvalue, size, tmp)) return FALSE;
if (size == sizeof(float)) *ret = *(float*)tmp;

1
programs/winedbg/be_i386.c
View File

@ -805,6 +805,7 @@ static BOOL be_i386_fetch_float(const struct dbg_lvalue* lvalue, unsigned size,
/* FIXME: this assumes that debuggee and debugger use the same
* representation for reals
*/
if (size > sizeof(tmp)) return FALSE;
if (!memory_read_value(lvalue, size, tmp)) return FALSE;
if (size == sizeof(float)) *ret = *(float*)tmp;

1
programs/winedbg/be_x86_64.c
View File

@ -727,6 +727,7 @@ static BOOL be_x86_64_fetch_float(const struct dbg_lvalue* lvalue, unsigned size
/* FIXME: this assumes that debuggee and debugger use the same
* representation for reals
*/
if (size > sizeof(tmp)) return FALSE;
if (!memory_read_value(lvalue, size, tmp)) return FALSE;
if (size == sizeof(float)) *ret = *(float*)tmp;