[Bug 20840] New: Read buffer overflow in RtlValidAcl?

wine-bugs at winehq.org
Thu Nov 26 20:08:59 CST 2009


http://bugs.winehq.org/show_bug.cgi?id=20840

           Summary: Read buffer overflow in RtlValidAcl?
           Product: Wine
           Version: 1.1.33
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Keywords: download, source, testcase
          Severity: normal
          Priority: P2
         Component: ntdll
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: dank at kegel.com
                CC: robertshearman at gmail.com


Valgrind complains in
http://kegel.com/wine/valgrind/logs/2009-11-26-06.08/vg-advapi32_security.txt
that 'make test' has an error in advapi32/tests/security.c:
 Invalid read of size 2
    at  RtlValidAcl (sec.c:1331)
    by  IsValidAcl (security.c:1630)
    by  test_GetSecurityInfo (security.c:3160)
  Address 0x7f03791e is 2 bytes after a block of size 116 alloc'd
    at  notify_alloc (heap.c:247)
    by  RtlAllocateHeap (heap.c:1695)
    by  HeapAlloc (heap.c:276)
    by  GlobalAlloc (heap.c:369)
    by  LocalAlloc (heap.c:969)
    by  GetSecurityInfo (security.c:3087)
    by  test_GetSecurityInfo (security.c:3146)

The loop around line 1331 of advapi32/sec.c,
    for (i=0;i<=pAcl->AceCount;i++)
looks like it goes one further than most AceCount loops;
could that be the problem?

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.
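
The off-by-one the report asks about, as an added example (not Wine's code and not part of the original report): a bounds-tracking walk over a constructed 116-byte ACL shows where the extra `<=` iteration would read, next to a validator that uses a strict `<` bound. The layout constants, function names and sample bytes are assumptions modelled on the Windows ACL and ACE_HEADER structures.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout, modelled on the Windows ACL (8-byte header) and ACE_HEADER. */
enum { ACL_HDR = 8, ACE_HDR = 4, OFF_ACLSIZE = 2, OFF_ACECOUNT = 4,
       OFF_ACESIZE = 2 };

/* Constructed sample: revision 2, three 36-byte ACEs ending exactly at byte 116. */
static const uint8_t SAMPLE[116] = {
    [0] = 2, [OFF_ACLSIZE] = 116, [OFF_ACECOUNT] = 3, [10] = 36, [46] = 36, [82] = 36 };

static unsigned rd16(const uint8_t *p) { return p[0] | (p[1] << 8); }

/* Offset of the first 2-byte AceSize read that would fall outside buf[0..len),
 * or -1 if none (0 if even the ACL header does not fit). inclusive != 0 models
 * the `i <= AceCount` loop; the bad read is reported, never performed. */
long first_oob_read(const uint8_t *buf, size_t len, int inclusive)
{
    if (len < ACL_HDR) return 0;
    unsigned iters = rd16(buf + OFF_ACECOUNT) + (inclusive ? 1 : 0);
    size_t off = ACL_HDR;
    for (unsigned i = 0; i < iters; i++) {
        if (off > len || len - off < ACE_HDR) return (long)(off + OFF_ACESIZE);
        off += rd16(buf + off + OFF_ACESIZE);
    }
    return -1;
}

/* Hardened validator: every ACE header and body must lie inside AclSize. */
int acl_valid(const uint8_t *buf, size_t len)
{
    if (len < ACL_HDR) return 0;
    size_t acl_size = rd16(buf + OFF_ACLSIZE), off = ACL_HDR;
    if (acl_size < ACL_HDR || acl_size > len) return 0;
    for (unsigned i = 0, n = rd16(buf + OFF_ACECOUNT); i < n; i++) {
        if (acl_size - off < ACE_HDR) return 0;          /* header must fit */
        size_t ace_size = rd16(buf + off + OFF_ACESIZE);
        if (ace_size < ACE_HDR || ace_size > acl_size - off) return 0;
        off += ace_size;
    }
    return 1;
}

int main(void)
{
    printf("<  loop: %ld\n<= loop: %ld\nvalid:   %d\n", first_oob_read(SAMPLE, sizeof SAMPLE, 0),
           first_oob_read(SAMPLE, sizeof SAMPLE, 1), acl_valid(SAMPLE, sizeof SAMPLE));
    return 0;
}
```

With this sample the `<=` walk reports offset 118, a 2-byte read that starts 2 bytes past a 116-byte block, which is the shape of the Valgrind message in the report.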


