Buffer overflow in kernel/process test

Francois Gouget fgouget at codeweavers.com
Tue Nov 18 09:47:23 CST 2003 

A small improvement to my previous patch:

Changelog:

    Francois Gouget <fgouget at codeweavers.com>

  * dlls/kernel/tests/process.c

    Scale the buffer sizes with MAX_LISTED_ENV_VAR.
    Add a note about the limited buffer size used by the *Profile functions.
    Fix a couple of spelling errors.

-- 
Francois Gouget
fgouget at codeweavers.com

-------------- next part --------------
Index: dlls/kernel/tests/process.c
===================================================================
RCS file: /home/cvs/wine/dlls/kernel/tests/process.c,v
retrieving revision 1.13
diff -u -r1.13 process.c
--- dlls/kernel/tests/process.c	9 Nov 2003 00:30:36 -0000	1.13
+++ dlls/kernel/tests/process.c	12 Nov 2003 17:15:59 -0000
@@ -37,8 +37,10 @@
 static int      myARGC;
 static char**   myARGV;
 
-/* as some environment variables get very long on Unix, we only test for
- * the first 127 bytes
+/* As some environment variables get very long on Unix, we only test for
+ * the first 127 bytes.
+ * Note that increasing this value past 256 may exceed the buffer size
+ * limitations of the *Profile functions (at least on Wine).
  */
 #define MAX_LISTED_ENV_VAR      128
 
@@ -175,7 +177,7 @@
 static void     childPrintf(HANDLE h, const char* fmt, ...)
 {
     va_list     valist;
-    char        buffer[2048];
+    char        buffer[1024+4*MAX_LISTED_ENV_VAR];
     DWORD       w;
 
     va_start(valist, fmt);
@@ -345,7 +347,7 @@
 
             ok(ReadFile(hStdIn, buf, sizeof(buf), &r, NULL) && r > 0, "Reading message from input pipe");
             childPrintf(hFile, "[StdHandle]\nmsg=%s\n\n", encodeA(buf));
-            ok(WriteFile(hStdOut, buf, r, &w, NULL) && w == r, "Writting message to output pipe");
+            ok(WriteFile(hStdOut, buf, r, &w, NULL) && w == r, "Writing message to output pipe");
         }
     }
 
@@ -361,7 +363,7 @@
 
 static char* getChildString(const char* sect, const char* key)
 {
-    char        buf[1024];
+    char        buf[1024+4*MAX_LISTED_ENV_VAR];
     char*       ret;
 
     GetPrivateProfileStringA(sect, key, "-", buf, sizeof(buf), resfile);
@@ -1127,7 +1129,7 @@
     ok(CloseHandle(hChildOutInh), "Closing handle");
 
     msg_len = strlen(msg) + 1;
-    ok(WriteFile(hParentOut, msg, msg_len, &w, NULL), "Writting to child");
+    ok(WriteFile(hParentOut, msg, msg_len, &w, NULL), "Writing to child");
     ok(w == msg_len, "Should have written %u bytes, actually wrote %lu", msg_len, w);
     memset(buffer, 0, sizeof(buffer));
     ok(ReadFile(hParentIn, buffer, sizeof(buffer), &w, NULL), "Reading from child");

More information about the wine-patches mailing list