[Bug 20851] New: Read buffer overflow in CombineRgn, triggered by imm32/tests/imm32.c

wine-bugs at winehq.org
Fri Nov 27 20:51:34 CST 2009


http://bugs.winehq.org/show_bug.cgi?id=20851

           Summary: Read buffer overflow in CombineRgn, triggered by
                    imm32/tests/imm32.c
           Product: Wine
           Version: 1.1.33
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Keywords: download, source, testcase
          Severity: normal
          Priority: P2
         Component: -unknown
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: dank at kegel.com


http://kegel.com/wine/valgrind/logs/2009-11-18-21.51/vg-imm32_imm32.txt through
http://kegel.com/wine/valgrind/logs/2009-11-27-12.53/vg-imm32_imm32.txt
have the warning

 Invalid read of size 4
    at REGION_SubtractO (region.c:2219)
    by REGION_RegionOp (region.c:1776)
    by REGION_SubtractRegion (region.c:2258)
    by CombineRgn (region.c:1376)
    by NC_DoNCPaint (nonclient.c:1022)
    by NC_HandleNCPaint (nonclient.c:1117)
    by DEFWND_DefWinProc (defwnd.c:303)
    by DefWindowProcA (defwnd.c:914)
    by ??? (library.h:159)
    by call_window_proc (winproc.c:469)
    by WINPROC_CallProcWtoA (winproc.c:1279)
    by WINPROC_call_window (winproc.c:2216)
    by call_window_proc (message.c:1635)
    by send_message (message.c:2482)
    by SendMessageW (message.c:2605)
    by send_ncpaint (painting.c:665)
    by BeginPaint (painting.c:871)
    by DEFWND_DefWinProc (defwnd.c:428)
    by DefWindowProcA (defwnd.c:914)
    by ??? (library.h:159)
  Address 0x7f082810 is 0 bytes after a block of size 32 alloc'd
    at notify_alloc (heap.c:247)
    by RtlAllocateHeap (heap.c:1697)
    by init_region (region.c:492)
    by REGION_RegionOp (region.c:1666)
    by REGION_UnionRegion (region.c:2094)
    by REGION_UnionRectWithRegion (region.c:1260)
    by ExtCreateRegion (region.c:1073)
    by get_update_region (painting.c:549)
    by send_ncpaint (painting.c:621)
    by BeginPaint (painting.c:871)
    by DEFWND_DefWinProc (defwnd.c:428)
    by DefWindowProcA (defwnd.c:914)
    by ??? (library.h:159)
    by call_window_proc (winproc.c:469)
    by WINPROC_call_window (winproc.c:2223)
    by DispatchMessageA (message.c:3089)
    by msg_spy_pump_msg_queue (imm32.c:81)
    by msg_spy_flush_msgs (imm32.c:88)
    by msg_spy_init (imm32.c:118)
    by init (imm32.c:173)

This is likely a very old problem.
