[Bug 46661] ISF_Desktop_fnGetDisplayNameOf function missing check for string variable This- >sPathTarget before copy it
wine-bugs at winehq.org
wine-bugs at winehq.org
Sun Feb 17 02:53:20 CST 2019
https://bugs.winehq.org/show_bug.cgi?id=46661
--- Comment #1 from ossecurity <ossecurity at iscas.ac.cn> ---
Function:ISF_Desktop_fnGetDisplayNameOf is in shfldr_desktop.c:583
Here is a List of similar bugs which need further examination:
key stmt/exp function (nearest)WINAPI for HOOK
attack
strcpyW(pszPath, This->sPathTarget); ISF_Desktop_fnGetDisplayNameOf
ITSELF
lstrcpynW(szPath, This->sPathTarget, MAX_PATH);ISF_Desktop_fnParseDisplayName
ITSELF
strlenW(font->name) get_outline_text_metrics
GetTextMetricsW/A
lstrcpynW(str, physdev->font->name, count); freetype_GetTextFace
GetTextMetricsW/A
n = strlenW(physdev->font->name) + 1; freetype_GetTextFace
GetTextMetricsW/A
lstrcpynW(dst, es->text, count); EDIT_WM_GetText
Dispatch/SendMessageW/A
memcpy(buf, es->text + s, bufl * sizeof(WCHAR)); EDIT_EM_ReplaceSel
Dispatch/SendMessageW/A
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list