[PATCH] static buffer overflow checking

Marcus Meissner meissner at suse.de
Wed Sep 10 15:12:43 CDT 2008


Hi,

This checks for the case where the buffers passed to MultiByteToWideChar
and WideCharToMultiByte do not match the size passed.

Usually a WCHAR buf[xx] is passed and sizeof(buf) as size.

This approach will not work with -O0, which might be a problem.

Ciao, Marcus
---
 include/winnls.h |   52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 52 insertions(+), 0 deletions(-)

diff --git a/include/winnls.h b/include/winnls.h
index 50d6389..6fba285 100644
--- a/include/winnls.h
+++ b/include/winnls.h
@@ -788,6 +788,58 @@ WINBASEAPI BOOL        WINAPI SetThreadLocale(LCID);
 WINBASEAPI BOOL        WINAPI SetUserGeoID(GEOID);
 WINBASEAPI INT         WINAPI WideCharToMultiByte(UINT,DWORD,LPCWSTR,INT,LPSTR,INT,LPCSTR,LPBOOL);
 
+#if !defined(__GNUC__) || (__GNUC__ < 4)
+# undef __builtin_object_size
+# define __builtin_object_size(x,y) -1
+# undef __builtin_constant_p
+# define __builtin_constant_p(x) 0
+#endif
+
+/* __builtin_object_size does not evaluate the argument, so using it
+ * a second time in this macro is safe.
+ */
+extern void MBtoWC_incorrect_source_buffer_size(void);
+extern void MBtoWC_incorrect_destination_buffer_size__divide_by_sizeof_WCHAR(void);
+static inline INT
+WINAPI MultiByteToWideChar_ichk(
+	UINT cp,DWORD flags,
+	LPCSTR src,INT srclen,INT srcbuflen,
+	LPWSTR dst,INT dstlen,INT dstbuflen
+) {
+	if (__builtin_constant_p(srclen) && (srclen != -1) && (srcbuflen != -1) && (srcbuflen < srclen))
+		MBtoWC_incorrect_source_buffer_size();
+	if (__builtin_constant_p(dstlen) && (dstlen != -1)  && (dstbuflen != -1) && (dstbuflen/2 < dstlen))
+		MBtoWC_incorrect_destination_buffer_size__divide_by_sizeof_WCHAR();
+	return MultiByteToWideChar(cp,flags,src,srclen,dst,dstlen);
+}
+#define MultiByteToWideChar(cp,flags,src,srclen,dst,dstlen)	\
+	MultiByteToWideChar_ichk((cp),(flags),			\
+		(src),(srclen),(__builtin_object_size(src,0)),	\
+		(dst),(dstlen),(__builtin_object_size(dst,0))	\
+	)
+
+extern void WCtoMB_incorrect_source_buffer_size__divide_by_sizeof_WCHAR(void);
+extern void WCtoMB_incorrect_dest_buffer_size(void);
+static inline INT
+WINAPI WideCharToMultiByte_ichk(
+	UINT cp,DWORD flags,
+	LPCWSTR src,INT srclen,INT srcbuflen,
+	LPSTR dst,INT dstlen,INT dstbuflen,
+	LPCSTR xstr,LPBOOL b
+) {
+	if (__builtin_constant_p(srclen) && (srclen != -1) && (srcbuflen != -1) && (srcbuflen/2 < srclen))
+		WCtoMB_incorrect_source_buffer_size__divide_by_sizeof_WCHAR();
+	if (__builtin_constant_p(dstlen) && (dstlen != -1) && (dstbuflen != -1) && (dstbuflen < dstlen))
+		WCtoMB_incorrect_dest_buffer_size();
+	return WideCharToMultiByte(cp,flags,src,srclen,dst,dstlen,xstr,b);
+}
+#define WideCharToMultiByte(cp,flags,src,srclen,dst,dstlen,defchar,b)	\
+	WideCharToMultiByte_ichk((cp),(flags),				\
+		(src),(srclen),__builtin_object_size((src),0),		\
+		(dst),(dstlen),__builtin_object_size((dst),0),		\
+		(defchar),(b)							\
+	)
+
 #ifdef __cplusplus
 }
 #endif
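Review bot: Both wrapper macros request `__builtin_object_size(..., 0)`, which measures to the end of the whole enclosing object, so when the buffer is an array member inside a struct the `dstbuflen/2 < dstlen` and `dstbuflen < dstlen` checks accept a length that runs into the fields after it. Mode 1 bounds the size to the closest subobject: `(dst),(dstlen),(__builtin_object_size(dst,1))`, and the same for `src` in both macros. The hard-coded `/2` in the two inline functions reads better as `/ (INT)sizeof(WCHAR)`, which is what the diagnostic symbol names already say. The non-GCC fallback should expand to `(-1)` rather than `-1`, because the WideCharToMultiByte macro passes it without surrounding parentheses. Separately, these function-like macros would also expand where the real functions are defined if that file includes this header; the definitions are not visible here, so that is worth confirming before merging.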
-- 
1.5.6


