From 99088fe17b4ea6c627a8c3d377c39bd48c68ccef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20Bernon?= Date: Mon, 8 Mar 2021 09:14:22 +0100 Subject: [PATCH] winex11.drv: Fix invalid range when reading GTK_WORKAREAS_D0 (valgrind). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Invalid read of size 8 at 0x559B816: get_work_area (display.c:296) by 0x55DC8C1: query_screens (xinerama.c:103) by 0x55DC8C1: xinerama_init (xinerama.c:275) by 0x55D6F47: process_attach (x11drv_main.c:602) by 0x55D6F47: DllMain (x11drv_main.c:721) by 0x7BC35819: call_dll_entry_point (loader.c:285) by 0x7BC35819: MODULE_InitDLL (loader.c:1317) by 0x7BC362ED: process_attach.part.0 (loader.c:1411) by 0x7BC3B843: process_attach (loader.c:1382) by 0x7BC3B843: LdrLoadDll (loader.c:2765) by 0x7B025C85: load_library (loader.c:172) by 0x7B026B72: LoadLibraryExW (loader.c:522) by 0x7B026BE5: LoadLibraryW (loader.c:492) by 0x40990D: load_graphics_driver (desktop.c:844) by 0x40990D: manage_desktop (desktop.c:1010) by 0x40C6B3: parse_command_line (explorer.c:836) by 0x40C6B3: wWinMain (explorer.c:865) by 0x4103F2: wmain (crt_wwinmain.c:55) Address 0x5272370 is 16 bytes before an unallocated block of size 3,132,512 in arena "client" Signed-off-by: Rémi Bernon Signed-off-by: Alexandre Julliard --- dlls/winex11.drv/display.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dlls/winex11.drv/display.c b/dlls/winex11.drv/display.c index 0f61f9f7b2e..b647455a01f 100644 --- a/dlls/winex11.drv/display.c +++ b/dlls/winex11.drv/display.c 
@@ -289,9 +289,9 @@ RECT get_work_area(const RECT *monitor_rect) x11drv_atom(_GTK_WORKAREAS_D0), 0, ~0, False, XA_CARDINAL, &type, &format, &count, &remaining, (unsigned char **)&work_area)) { - if (type == XA_CARDINAL && format == 32 && count >= 4) + if (type == XA_CARDINAL && format == 32) { - for (i = 0; i + 3 < count; i += 4) + for (i = 0; i < count / 4; ++i) { work_rect.left = work_area[i * 4]; work_rect.top = work_area[i * 4 + 1];
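Review bot: The new loop bound `i < count / 4` silently discards a trailing partial tuple when `count` is not a multiple of 4, and nothing in the hunk says that this is intended. A one-line comment above the loop stating that the property is read as consecutive groups of four CARDINALs (the body reads `work_area[i * 4]` and `work_area[i * 4 + 1]`, so `i` is now a rectangle index rather than an element index) would make the relationship between the bound and the `i * 4` indexing obvious to the next reader; the old header `i + 3 < count; i += 4` combined with the same `i * 4` indexing is exactly the mismatch that produced the out-of-range read in the valgrind trace. Dropping `count >= 4` from the `if` is safe, since `count / 4` is 0 for smaller counts and the loop body never runs, but it is worth confirming that the code after the loop (not visible here) behaves correctly when no rectangle was examined, because that path was previously guarded by the condition.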