[Bug 28796] New: ntdll: read buffer overrun in lookup_manifest_file

wine-bugs at winehq.org wine-bugs at winehq.org
Tue Oct 18 15:54:37 CDT 2011


http://bugs.winehq.org/show_bug.cgi?id=28796

             Bug #: 28796
           Summary: ntdll: read buffer overrun in lookup_manifest_file
           Product: Wine
           Version: 1.3.30
          Platform: x86
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ntdll
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: dank at kegel.com
    Classification: Unclassified


Running "make imagelist.ok" in comctl32, valgrind complains

Use of uninitialised value of size 4
  at tolowerW (unicode.h:123)
  by strcmpiW (string.c:32)
  by lookup_manifest_file (actctx.c:1880)
  by RtlCreateActivationContext (actctx.c:1945)
  by CreateActCtxW (actctx.c:127)
  by CreateActCtxA (actctx.c:105)
  by load_v6_module (v6util.h:126)
  by func_header (header.c:1846)
  by run_test (test.h:556)
  by main (test.h:624)
 Uninitialised value was created by a stack allocation
  at lookup_manifest_file (actctx.c:1822)

The code assumes incorrectly that FileName is nul-terminated.  
Patch sent, 
http://www.winehq.org/pipermail/wine-patches/2011-October/107899.html
but rejected, so filing bug until I have a chance to look at it again.

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.
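
Added example, not Wine's code and not the rejected patch: a bounded, case-insensitive suffix test for a name that carries a byte length instead of a terminator, which is the condition the report says the code gets wrong. The struct, the function names and the sample data are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-in for a directory entry whose name is counted,
 * not NUL-terminated. */
struct dir_entry {
    uint32_t name_len;   /* length of name in BYTES */
    uint16_t name[16];   /* UTF-16 units, no terminator guaranteed */
};

/* ASCII-only case fold; enough for this example. */
static uint16_t lower16(uint16_t c)
{
    return (c >= 'A' && c <= 'Z') ? (uint16_t)(c - 'A' + 'a') : c;
}

/* Returns 1 if the counted name ends with the NUL-terminated suffix,
 * ignoring ASCII case. Never reads beyond name_len bytes of e->name. */
int counted_name_has_suffix(const struct dir_entry *e, const uint16_t *suffix)
{
    size_t n = e->name_len / sizeof(uint16_t);
    size_t s = 0, i;

    if (n > sizeof(e->name) / sizeof(e->name[0]))
        return 0;                      /* length field exceeds the buffer */
    while (suffix[s])
        s++;                           /* the suffix is the terminated side */
    if (s > n)
        return 0;                      /* name too short to hold the suffix */
    for (i = 0; i < s; i++)
        if (lower16(e->name[n - s + i]) != lower16(suffix[i]))
            return 0;
    return 1;
}

/* Constructed sample: "app.MANIFEST" (12 units) followed by stale,
 * non-zero units that a terminator-based compare would walk into. */
int demo(void)
{
    static const uint16_t suffix[] = { '.','m','a','n','i','f','e','s','t',0 };
    struct dir_entry e = { 12 * sizeof(uint16_t),
        { 'a','p','p','.','M','A','N','I','F','E','S','T','X','Y','Z','Q' } };
    return counted_name_has_suffix(&e, suffix);
}
```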


