[Bug 40742] New: cmd.exe: buffer overflow while parsing qualifiers

Tue Jun 7 10:59:41 CDT 2016

https://bugs.winehq.org/show_bug.cgi?id=40742

            Bug ID: 40742
           Summary: cmd.exe: buffer overflow while parsing qualifiers
           Product: Wine
           Version: 1.9.11
          Hardware: x86
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: cmd
          Assignee: wine-bugs at winehq.org
          Reporter: jbb.rose at yahoo.com
      Distribution: ---

Created attachment 54646
  --> https://bugs.winehq.org/attachment.cgi?id=54646
Batch file which triggers the problem

WCMD_parse() copies command qualifiers into the quals[] array.  The
array is MAX_PATH (260) characters long, but the input command can be
up to MAXSTRING (8192) characters long.  This can lead to buffer
overflows and crashes if a command has many qualifiers.

The attached try.bat file, taken from an actual command generated by
a cross-build system, reliably crashes wine 1.9.11 as built on SLES11SP2.

Increasing the size of quals[] to MAXSTRING characters fixes the problem.

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.