[Bug 46661] ISF_Desktop_fnGetDisplayNameOf function missing check for string variable This- >sPathTarget before copy it
wine-bugs at winehq.org
wine-bugs at winehq.org
Tue Feb 19 20:01:16 CST 2019
https://bugs.winehq.org/show_bug.cgi?id=46661
--- Comment #11 from ossecurity <ossecurity at iscas.ac.cn> ---
Yes, that can cause application crash and this crash is a behaviour of Win32
application. However, the missing check in ISF_Desktop_fnGetDisplayNameOf is
the behaviour of wine.
It will be clearer to judge this bug if we focus on the behaviour mismatch.
As hooking is supported function in windows, a prepared Win32
Application(DoInjection.exe) doesn't crash in Windows(I verify it on Win 7),
but it crash in wine. It seems Win7 has added sufficient checks(sanitizations
or authority checks), however, wine doesn't.
Ke Yang
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list