[Bug 20757] New: Buffer overrun in NetQueryDisplayInformation

wine-bugs at winehq.org
Thu Nov 19 13:30:21 CST 2009


http://bugs.winehq.org/show_bug.cgi?id=20757

           Summary: Buffer overrun in NetQueryDisplayInformation
           Product: Wine
           Version: 1.1.33
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Keywords: source, testcase
          Severity: normal
          Priority: P2
         Component: -unknown
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: dank at kegel.com


http://kegel.com/wine/valgrind/logs/2009-11-18-21.51/vg-netapi32_access.txt
shows the error message

 Invalid write of size 2
    at  strcpyW (unicode.h:224)
    by  lstrcpyW (string.c:104)
    by  ACCESS_CopyDisplayUser (access.c:575)
    by  NetQueryDisplayInformation (access.c:688)
    by  run_querydisplayinformation1_tests (access.c:184)
    by  func_access (access.c:344)
  Address 0x7f000bea is 0 bytes after a block of size 130 alloc'd
    at  notify_alloc (heap.c:279)
    by  RtlAllocateHeap (heap.c:1521)
    by  NetApiBufferAllocate (apibuf.c:41)
    by  NetQueryDisplayInformation (access.c:657)
    by  run_querydisplayinformation1_tests (access.c:184)
    by  func_access (access.c:344)

This can be reproduced locally by setting up valgrind as described in
http://wiki.winehq.org/Valgrind and applying the heap tail check patch to wine,
then running

WINETEST_PLATFORM=wine WINE_HEAP_REDZONE=16 valgrind --trace-children=yes \
    --track-origins=yes wine netapi32_test.exe.so access

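Added example, not part of the original report and not Wine code: a small triage parser for the memcheck record quoted above, which pairs the faulting stack with the allocation stack and reports the innermost function that appears in both. The names parse_memcheck and owning_frame are hypothetical, and the patterns assume the trace layout shown in the report (an optional 0x address before the function name, as in raw valgrind output, is tolerated).

```python
import re

# Trace copied from the report above; nothing is fetched.
TRACE = """\
 Invalid write of size 2
    at  strcpyW (unicode.h:224)
    by  lstrcpyW (string.c:104)
    by  ACCESS_CopyDisplayUser (access.c:575)
    by  NetQueryDisplayInformation (access.c:688)
    by  run_querydisplayinformation1_tests (access.c:184)
    by  func_access (access.c:344)
  Address 0x7f000bea is 0 bytes after a block of size 130 alloc'd
    at  notify_alloc (heap.c:279)
    by  RtlAllocateHeap (heap.c:1521)
    by  NetApiBufferAllocate (apibuf.c:41)
    by  NetQueryDisplayInformation (access.c:657)
    by  run_querydisplayinformation1_tests (access.c:184)
    by  func_access (access.c:344)
"""

HEAD = re.compile(r"Invalid (read|write) of size (\d+)")
ADDR = re.compile(r"Address (0x[0-9a-fA-F]+) is (\d+) bytes (after|before|inside) "
                  r"a block of size (\d+)")
FRAME = re.compile(r"\b(?:at|by)\s+(?:0x[0-9A-Fa-f]+:\s+)?(\S+) \(([^:()]+):(\d+)\)")

def parse_memcheck(text):
    """Split one invalid-access record into the access, the block and both stacks."""
    rec = {"fault": [], "alloc": []}
    stack = None
    for line in text.splitlines():
        if m := HEAD.search(line):
            rec["kind"], rec["size"] = m.group(1), int(m.group(2))
            stack = rec["fault"]          # frames that follow belong to the access
        elif m := ADDR.search(line):
            rec["address"], rec["offset"] = int(m.group(1), 16), int(m.group(2))
            rec["where"], rec["block"] = m.group(3), int(m.group(4))
            stack = rec["alloc"]          # frames that follow belong to the allocation
        elif stack is not None and (m := FRAME.search(line)):
            stack.append((m.group(1), m.group(2), int(m.group(3))))
    return rec

def owning_frame(rec):
    """Innermost function on both stacks: (name, allocating line, line reaching the access)."""
    alloc = {fn: ln for fn, _file, ln in rec["alloc"]}
    for fn, _file, ln in rec["fault"]:    # stacks are listed innermost first
        if fn in alloc and alloc[fn] != ln:
            return fn, alloc[fn], ln
    return None
```

For this trace owning_frame(parse_memcheck(TRACE)) returns NetQueryDisplayInformation with lines 657 and 688: the same function sizes the 130-byte block and later reaches the copy whose 2-byte write starts exactly at the end of that block.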