Write-past-end in FileMonikerImpl_DecomposePath()

Dan Kegel dank at kegel.com
Thu Nov 19 14:27:58 CST 2009


Filed as http://bugs.winehq.org/show_bug.cgi?id=20760

On Thu, Nov 19, 2009 at 9:11 AM, Dan Kegel <dank at kegel.com> wrote:
> http://kegel.com/wine/valgrind/logs/2009-11-18-21.51/diff-hlink_hlink.txt
> http://kegel.com/wine/valgrind/logs/2009-11-18-21.51/vg-hlink_hlink.txt
> shows a new error thanks to the heap tail check.
>
> Looks like a level-of-indirection-during-allocation error,
>   1039     strgtable = CoTaskMemAlloc(len*sizeof(WCHAR));
> should be
>   1039     strgtable = CoTaskMemAlloc(len*sizeof(WCHAR *));
>
> Ulrich, you were in there last, could you have a look?
>
>  Invalid write of size 4
>    at  FileMonikerImpl_DecomposePath (filemoniker.c:1056)
>    by  FileMonikerImpl_Construct (filemoniker.c:1375)
>    by  CreateFileMoniker (filemoniker.c:1443)
>    by  FileMoniker_CreateFromDisplayName (filemoniker.c:1484)
>    by  MkParseDisplayName (moniker.c:1130)
>    by  HlinkCreateFromString (hlink_main.c:124)
>    by  test_persist (hlink.c:479)
>    by  func_hlink (hlink.c:1122)
>    by  run_test (test.h:535)
>    by  main (test.h:585)
>  Address 0x7f04416c is 4 bytes inside a block of size 6 alloc'd
>    at  notify_alloc (heap.c:279)
>    by  RtlAllocateHeap (heap.c:1521)
>    by  IMalloc_fnAlloc (ifs.c:186)
>    by  CoTaskMemAlloc (ifs.c:562)
>    by  FileMonikerImpl_DecomposePath (filemoniker.c:1039)
>    by  FileMonikerImpl_Construct (filemoniker.c:1375)
>    by  CreateFileMoniker (filemoniker.c:1443)
>    by  FileMoniker_CreateFromDisplayName (filemoniker.c:1484)
>    by  MkParseDisplayName (moniker.c:1130)
>    by  HlinkCreateFromString (hlink_main.c:124)
>    by  test_persist (hlink.c:479)
>
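
An added illustration, not code from Wine or from this thread: the report's numbers (a 6-byte block, a 4-byte write landing 4 bytes in) fit a table of 3 entries sized with a 2-byte `WCHAR` and filled with 4-byte pointers, and `first_oob_index` works out which store overruns. `WCHAR16`, `first_oob_index`, `split_path` and `demo_count` are hypothetical names, and the entry count and the 2-byte and 4-byte sizes are assumptions inferred from that report. `split_path` shows the `sizeof(*table)` idiom that keeps the allocation tied to the element type.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
typedef uint16_t WCHAR16; /* assumption: stand-in for a 2-byte WCHAR */

/* First index whose ptr_size-byte store overruns count*elem_size bytes. */
size_t first_oob_index(size_t count, size_t elem_size, size_t ptr_size)
{
    size_t fit = count * elem_size / ptr_size; /* whole pointers that fit */
    return fit < count ? fit : count;
}

/* Hypothetical splitter, not Wine's code: cuts path at '\\' into a table of
 * component strings; sizeof(*table) ties the size to the element type. */
int split_path(const WCHAR16 *path, WCHAR16 ***out)
{
    size_t len = 0, n = 0, start = 0;
    while (path[len]) len++;
    WCHAR16 **table = calloc(len + 1, sizeof(*table)); /* pointer-sized slots */
    if (!table) return -1;
    for (size_t i = 0; i <= len; i++) {
        if (path[i] != '\\' && path[i] != 0) continue;
        if (i > start) { /* skip empty components */
            WCHAR16 *comp = calloc(i - start + 1, sizeof(*comp));
            if (!comp) { while (n) free(table[--n]); free(table); return -1; }
            memcpy(comp, path + start, (i - start) * sizeof(*comp));
            table[n++] = comp;
        }
        start = i + 1;
    }
    *out = table;
    return (int)n;
}

int demo_count(void)
{
    const WCHAR16 sample[] = { 'a', '\\', 'b', 'c', 0 }; /* constructed: a\bc */
    WCHAR16 **t; int n = split_path(sample, &t);
    for (int i = 0; i < n; i++) free(t[i]);
    if (n >= 0) free(t);
    return n;
}

int main(void)
{
    printf("%zu %zu %d\n", first_oob_index(3, 2, 4), first_oob_index(3, 4, 4), demo_count());
    return 0;
}
```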


