[Bug 45254] New: Buffer overflow, X file children MAX_CHILDREN limit too small, crashes BIONICLE: The Legend of Mata Nui
wine-bugs at winehq.org
Sat May 26 20:27:15 CDT 2018
https://bugs.winehq.org/show_bug.cgi?id=45254
Bug ID: 45254
Summary: Buffer overflow, X file children MAX_CHILDREN limit
too small, crashes BIONICLE: The Legend of Mata Nui
Product: Wine
Version: unspecified
Hardware: x86
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: directx-d3dxof
Assignee: wine-bugs at winehq.org
Reporter: legojrmastermodelbuilder at gmail.com
Distribution: ---
In dlls/d3dxof/d3dxof_private.h MAX_CHILDREN is defined as 200, which is too
small a buffer for some existing DirectX model .X files:
https://github.com/wine-mirror/wine/blob/4102d8a0dc1b02d37d834f17d1925f3b0de6e2f3/dlls/d3dxof/d3dxof_private.h#L36
In dlls/d3dxof/parsing.c there is actually a warning if that number is
exceeded, but the bounds checking happens after the buffer would be overflowed,
so it may read the wrong value or simply crash instead:
https://github.com/wine-mirror/wine/blob/99a5afc09b1e8928a2b3270ce67784083d2f5b0c/dlls/d3dxof/parsing.c#L1371-L1375
Native Windows does not appear to impose a hard limit, or if there is one it is
larger than 0xFFFF (the highest size I tested).
This limitation impacts at least one Windows application, namely the game
BIONICLE: The Legend of Mata Nui.
This would impact Wine on all platforms.
GitHub issue for reference:
https://github.com/TheLegendOfMataNui/game-issues/issues/110
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
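
The ordering problem the report describes (a limit check that runs only after the array store) is sketched below as an added example. It is not Wine's code: the struct names, function names and the small FIXED_LIMIT are hypothetical stand-ins. The third function shows the growable alternative with no fixed cap.

```c
#include <stdlib.h>

#define FIXED_LIMIT 4  /* hypothetical small stand-in for a compile-time cap */

struct fixed_node { void *children[FIXED_LIMIT]; size_t nb_children; };
struct grow_node  { void **children; size_t nb_children, capacity; };

/* Check placed after the store: when nb_children == FIXED_LIMIT the write
 * below is already out of bounds before the limit test ever runs. */
int add_child_check_late(struct fixed_node *n, void *child)
{
    n->children[n->nb_children] = child;
    n->nb_children++;
    if (n->nb_children > FIXED_LIMIT) return -1;   /* too late to help */
    return 0;
}

/* Check placed before the store: the index is validated first, so a file
 * with too many children is rejected without touching memory past the array. */
int add_child_check_first(struct fixed_node *n, void *child)
{
    if (n->nb_children >= FIXED_LIMIT) return -1;
    n->children[n->nb_children++] = child;
    return 0;
}

/* No fixed cap: grow the array on demand and guard the size arithmetic. */
int add_child_grow(struct grow_node *n, void *child)
{
    if (n->nb_children == n->capacity) {
        size_t cap = n->capacity ? n->capacity * 2 : 16;
        void **p;
        if (cap < n->capacity || cap > (size_t)-1 / sizeof(*p)) return -1;
        p = realloc(n->children, cap * sizeof(*p));
        if (!p) return -1;              /* old array stays valid on failure */
        n->children = p;
        n->capacity = cap;
    }
    n->children[n->nb_children++] = child;
    return 0;
}
```
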