ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

dbghelp: Fixed buffer overflow in stabs_parse.

This commit is contained in:
Jacek Caban 2009-08-14 19:25:57 +02:00 committed by Alexandre Julliard
parent 5d3e134b17
commit 956eea6b31
1 changed files with 19 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
dlls/dbghelp/stabs.c
View File

@ -1258,6 +1258,21 @@ static void stabs_finalize_function(struct module* module, struct symt_function*
if (size) func->size = size;
}
static inline void stabbuf_append(char **buf, unsigned *buf_size, const char *str)
{
unsigned str_len, buf_len;
str_len = strlen(str);
buf_len = strlen(*buf);
if(str_len+buf_len >= *buf_size) {
*buf_size += buf_len + str_len;
*buf = HeapReAlloc(GetProcessHeap(), 0, *buf, *buf_size);
}
strcpy(*buf+buf_len, str);
}
BOOL stabs_parse(struct module* module, unsigned long load_offset,
const void* pv_stab_ptr, int stablen,
const char* strs, int strtablen,
@ -1317,18 +1332,12 @@ BOOL stabs_parse(struct module* module, unsigned long load_offset,
* next record. Repeat the process until we find a stab without the
* '/' character, as this indicates we have the whole thing.
*/
unsigned len = strlen(ptr);
if (strlen(stabbuff) + len > stabbufflen)
{
stabbufflen *= 2;
stabbuff = HeapReAlloc(GetProcessHeap(), 0, stabbuff, stabbufflen);
}
strncat(stabbuff, ptr, len - 1);
stabbuf_append(&stabbuff, &stabbufflen, ptr);
continue;
}
else if (stabbuff[0] != '\0')
{
strcat(stabbuff, ptr);
stabbuf_append(&stabbuff, &stabbufflen, ptr);
ptr = stabbuff;
}
@ -1355,7 +1364,8 @@ BOOL stabs_parse(struct module* module, unsigned long load_offset,
*/
if (ptr != stabbuff)
{
strcpy(stabbuff, ptr);
stabbuff[0] = 0;
stabbuf_append(&stabbuff, &stabbufflen, ptr);
ptr = stabbuff;
}
stab_strcpy(symname, sizeof(symname), ptr);