[Bug 46661] ISF_Desktop_fnGetDisplayNameOf function missing check for string variable This->sPathTarget before copy it

wine-bugs at winehq.org wine-bugs at winehq.org
Wed Feb 20 02:42:20 CST 2019


https://bugs.winehq.org/show_bug.cgi?id=46661

--- Comment #15 from ossecurity <ossecurity at iscas.ac.cn> ---
(In reply to Zebediah Figura from comment #12)
> (In reply to ossecurity from comment #11)
> > Yes, that can cause an application crash, and this crash is a behaviour of
> > the Win32 application. However, the missing check in
> > ISF_Desktop_fnGetDisplayNameOf is the behaviour of Wine.
> > 
> > It will be clearer to judge this bug if we focus on the behaviour mismatch.
> > As hooking is a supported function in Windows, a prepared Win32
> > application (DoInjection.exe) doesn't crash in Windows (I verified it on
> > Win 7), but it crashes in Wine. It seems Win7 has added sufficient
> > checks (sanitizations or authority checks); however, Wine hasn't.
> 
> You're also assuming that Windows has the same struct layout as Wine, which
> it almost certainly doesn't. Only behaviour differences that affect real
> applications are worth fixing.
> 
> There is no real reason to check for NULL here. It doesn't matter whose
> "behaviour" the code is. The contract internal to the Wine code is that the
> variable is valid from the moment the struct is allocated, not that it is
> valid if and only if it is non-NULL.

I have a different thought now.

What do you mean by real applications? DoInjection.exe injects code into
explorer.exe (this is a real application).

And I think the internal contract is wrong if it's just as you
say. The variable can be changed (by a hooker) between construction and use.

Ke Yang
