PATCH: fix out of range array access in dlls/kernel32/relay16.c (fwd)

Gerald Pfeifer gerald at pfeifer.com
Sat Dec 1 20:28:10 CST 2007


On Thu, 29 Nov 2007, Alexandre Julliard wrote:
>> I checked again and if we don't address this we'll get two new warnings
>> issues in a default build with GCC 4.3.  How does the patch below
>> look?
> Not good, it adds noise to the code for no good reason. Why would gcc
> complain about that one?

GCC 4.3 (today's snapshot) complains as follows when building Wine with
default options:

  relay16.c: In function 'relay_call_from_16':
  relay16.c:323: warning: array subscript is above array bounds
  relay16.c:427: warning: array subscript is above array bounds

Looking at the code GCC is right:

    for (j = 0; j < sizeof(call->ret)/sizeof(call->ret[0]); j++)
        if (call->ret[j] == 0xca66 || call->ret[j] == 0xcb66) break;

    if (call->ret[j] == 0xcb66)  /* cdecl */

Unless we break out of the loop, after the loop j will be the number of
elements in the array, and thus call->ret[j] will be the first element
_after_ the array, running into the next field of the structure.

The straightforward fix to avoid this out-of-array access was my first
patch at

  http://www.winehq.org/pipermail/wine-patches/2007-September/044612.html

which you didn't like too much ;-), so I cooked up the second one

  http://www.winehq.org/pipermail/wine-patches/2007-November/047288.html

Do you (or does anyone else) have a better idea how to address this?

Gerald
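The defect under discussion is a search loop whose index is used after the loop without checking whether the loop ever broke. The following is an added illustration, not code from this thread or from Wine's relay16.c: it models the shape Gerald describes (a small array of marker words followed by another struct field) with a hypothetical struct and names of my own, keeps the quoted pattern for comparison, and shows a form that treats "no marker found" as an explicit result instead of reading past the array.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout modelled on the thread's description, NOT Wine's
 * real struct: a short array of candidate marker words is immediately
 * followed by another field, so ret[RET_WORDS] silently lands on it. */
#define RET_WORDS 4
struct call_entry {
    uint16_t ret[RET_WORDS];
    uint16_t next_field;   /* whatever follows 'ret' in memory */
};
#define RET_COUNT(call) (sizeof((call)->ret) / sizeof((call)->ret[0]))

/* The loop from the thread: index of the first marker word, or RET_COUNT
 * when there is none. Returning the index is harmless; the hazard is in
 * what the caller does with it. */
static size_t find_ret_index(const struct call_entry *call)
{
    size_t j;
    for (j = 0; j < RET_COUNT(call); j++)
        if (call->ret[j] == 0xca66 || call->ret[j] == 0xcb66) break;
    return j;
}

/* Pattern as quoted: dereferences ret[j] without confirming the loop
 * broke. With no marker present j == RET_COUNT and this reads one past
 * the array (GCC's "array subscript is above array bounds"). Kept for
 * comparison; only call it on input that does contain a marker. */
static int is_cdecl_unchecked(const struct call_entry *call)
{
    size_t j = find_ret_index(call);
    return call->ret[j] == 0xcb66;
}

/* Hardened form: "no marker" becomes a third outcome, so the array is
 * never indexed with j == RET_COUNT. */
enum ret_kind { RET_UNKNOWN = -1, RET_OTHER = 0, RET_CDECL = 1 };

static enum ret_kind classify_ret(const struct call_entry *call)
{
    size_t j = find_ret_index(call);
    if (j >= RET_COUNT(call)) return RET_UNKNOWN;
    return call->ret[j] == 0xcb66 ? RET_CDECL : RET_OTHER;
}

/* Constructed samples (not Wine data). */
static const struct call_entry SAMPLE_CDECL = { { 0x1234, 0xcb66, 0, 0 }, 0 };
static const struct call_entry SAMPLE_OTHER = { { 0xca66, 0, 0, 0 }, 0 };
/* No marker in ret[], but the neighbouring field happens to hold 0xcb66:
 * the unchecked read would report this entry as cdecl. */
static const struct call_entry SAMPLE_OVERRUN = { { 0, 0, 0, 0 }, 0xcb66 };

int main(void)
{
    printf("cdecl sample     -> kind %d\n", classify_ret(&SAMPLE_CDECL));
    printf("other sample     -> kind %d\n", classify_ret(&SAMPLE_OTHER));
    printf("no-marker sample -> index %zu of %zu, kind %d\n",
           find_ret_index(&SAMPLE_OVERRUN), (size_t)RET_WORDS,
           classify_ret(&SAMPLE_OVERRUN));
    return 0;
}
```

The point of the third sample is that the overrun is not merely a warning: because the array is followed by another field, the unchecked read returns whatever that field holds, so the calling-convention decision can be driven by unrelated data. Making the "not found" case explicit is what removes both the warning and the misclassification.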
