[Bug 20841] New: Read buffer overflow in test_GetSidSubAuthority?

[wine-bugs at winehq.org]

http://bugs.winehq.org/show_bug.cgi?id=20841

           Summary: Read buffer overflow in test_GetSidSubAuthority?
           Product: Wine
           Version: 1.1.33
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Keywords: download, source, testcase
          Severity: normal
          Priority: P2
         Component: advapi32
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: dank at kegel.com
                CC: xerox_xerox2000 at yahoo.co.uk


http://kegel.com/wine/valgrind/logs/2009-11-26-06.08/vg-advapi32_security.txt
complains
 Invalid read of size 4
    at  test_GetSidSubAuthority (security.c:3212)
  Address 0x7f037878 is 0 bytes after a block of size 24 alloc'd
    at  notify_alloc (heap.c:247)
    by  RtlAllocateHeap (heap.c:1695)
    by  HeapAlloc (heap.c:276)
    by  GlobalAlloc (heap.c:369)
    by  LocalAlloc (heap.c:969)
    by  ConvertStringSidToSidW (security.c:4857)
    by  ConvertStringSidToSidA (security.c:4885)
    by  test_GetSidSubAuthority (security.c:3200)

The code in question is

   3200    
ok(pConvertStringSidToSidA("S-1-5-21-93476-23408-4576",&psid),"ConvertStringSidToSidA
failed\n");
...   
3203     ok(*pGetSidSubAuthorityCount(psid) == 4,"GetSidSubAuthorityCount gave
%d expected 4\n",*pGetSidSubAuthorityCount(psid));
...
   3212     todo_wine ok(*pGetSidSubAuthority(psid,4) == 0,"GetSidSubAuthority
gave %d,expected 0\n",*pGetSidSubAuthority(psid,4));

http://support.microsoft.com/kb/286182 makes me think the 2nd arg
to GetSideSubAuthority is zero-based, so it seems like
that test is overrunning the buffer, and line 3212 should be deleted.
What say?

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.