ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

ntdll: Fix environment memcpy read overflow (valgrind). 

Invalid read of size 1
     at 0x7BC5C5E3: memcpy (string.c:109)
     by 0x7BC267F7: RtlCreateProcessParametersEx (env.c:785)
     by 0x7B04EB57: create_process_params (process.c:183)
     by 0x7B04EB57: CreateProcessInternalW (process.c:544)
     by 0x7B0508E3: CreateProcessW (process.c:668)
     by 0x403B1E: runCmd (wineboot.c:1055)
     by 0x403B1E: process_run_key (wineboot.c:1126)
     by 0x404228: ProcessRunKeys (wineboot.c:1159)
     by 0x406DB1: main (wineboot.c:1707)
   Address 0x7ffffe00331a is 0 bytes after a recently re-allocated block of size 12,074 alloc'd
     at 0x7BC2D209: notify_alloc (heap.c:260)
     by 0x7BC2D209: RtlAllocateHeap (heap.c:1713)
     by 0x7BC25BAC: RtlSetEnvironmentVariable (env.c:515)
     by 0x7BC25EE0: set_env_var (env.c:61)
     by 0x7BC26C37: set_wow64_environment (env.c:228)
     by 0x7BC26C37: init_user_process_params (env.c:891)
     by 0x7BC3B01B: process_init (loader.c:3991)
     by 0x7BC3CD24: __wine_set_unix_funcs (loader.c:4095)
     by 0x469604E: start_main_thread (loader.c:1752)
     by 0x469604E: __wine_main (loader.c:2083)
     by 0x7D001231: main (main.c:157)

Signed-off-by: Rémi Bernon <rbernon@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
This commit is contained in:
Rémi Bernon 2021-03-08 09:14:19 +01:00 committed by Alexandre Julliard
parent c3c4d0c37e
commit f69e5478d5
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
dlls/ntdll/env.c
View File

@ -762,14 +762,13 @@ NTSTATUS WINAPI RtlCreateProcessParametersEx( RTL_USER_PROCESS_PARAMETERS **resu
+ ROUND_SIZE( ShellInfo->MaximumLength ) + ROUND_SIZE( ShellInfo->MaximumLength )
+ ROUND_SIZE( RuntimeInfo->MaximumLength )); + ROUND_SIZE( RuntimeInfo->MaximumLength ));
env_size = ROUND_SIZE( env_size ); if ((ptr = RtlAllocateHeap( GetProcessHeap(), HEAP_ZERO_MEMORY, size + ROUND_SIZE( env_size ) )))
if ((ptr = RtlAllocateHeap( GetProcessHeap(), HEAP_ZERO_MEMORY, size + env_size )))
{ {
RTL_USER_PROCESS_PARAMETERS *params = ptr; RTL_USER_PROCESS_PARAMETERS *params = ptr;
params->AllocationSize = size; params->AllocationSize = size;
params->Size = size; params->Size = size;
params->Flags = PROCESS_PARAMS_FLAG_NORMALIZED; params->Flags = PROCESS_PARAMS_FLAG_NORMALIZED;
params->EnvironmentSize = env_size; params->EnvironmentSize = ROUND_SIZE( env_size );
if (cur_params) params->ConsoleFlags = cur_params->ConsoleFlags; if (cur_params) params->ConsoleFlags = cur_params->ConsoleFlags;
/* all other fields are zero */ /* all other fields are zero */