[PATCH 03/17] shell32/autocomplete: Handle heap_alloc failure and avoid a potential buffer overflow

Gabriel Ivăncescu gabrielopcode at gmail.com
Thu Sep 6 08:34:11 CDT 2018


On Thu, Sep 6, 2018 at 1:24 PM, Huw Davies <huw at codeweavers.com> wrote:
>
> Do we have an app that actually passes crazy format strings?  What we
> mainly care about is protecting against crazy user input strings, not app
> provided strings, so handle the alloc failure by all means, but I'm not
> sure the rest is really useful.
>
Yes, it can happen because it can read it from the registry. The app
can only specify a registry path, and reads whatever the format is
from there. But obviously the value in the registry can be written to
by any application. Which, IMO, is trivially exploitable. So the
application itself doesn't have to be malicious or crazy for this to
happen; any other application messing up that registry value can do
it.

Also note that it's mostly about passing it 3 times (hwndText), the
rest is already required even for valid strings like %12s which can be
larger than the string itself (or other such format complications, I
don't really want to make a printf parser...). I don't think it's a
big deal to just pass it 3 times to be safe...

>
> You could just return on heap_alloc failure, that would keep the patch smaller.
>
>
> Again, a break on alloc failure would keep things simpler.
>
Okay, will do.



More information about the wine-devel mailing list