Jacek Caban : dbghelp: Fixed buffer overflow in stabs_parse.

Alexandre Julliard julliard at winehq.org
Mon Aug 17 11:23:48 CDT 2009


Module: wine
Branch: master
Commit: 956eea6b3100be81aa8dba5ef34ce9c8e0ed7214
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=956eea6b3100be81aa8dba5ef34ce9c8e0ed7214

Author: Jacek Caban <jacek at codeweavers.com>
Date:   Fri Aug 14 19:25:57 2009 +0200

dbghelp: Fixed buffer overflow in stabs_parse.

---

 dlls/dbghelp/stabs.c |   28 +++++++++++++++++++---------
 1 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/dlls/dbghelp/stabs.c b/dlls/dbghelp/stabs.c
index 348a7aa..33b815a 100644
--- a/dlls/dbghelp/stabs.c
+++ b/dlls/dbghelp/stabs.c
@@ -1258,6 +1258,21 @@ static void stabs_finalize_function(struct module* module, struct symt_function*
     if (size) func->size = size;
 }
 
+static inline void stabbuf_append(char **buf, unsigned *buf_size, const char *str)
+{
+    unsigned str_len, buf_len;
+
+    str_len = strlen(str);
+    buf_len = strlen(*buf);
+
+    if(str_len+buf_len >= *buf_size) {
+        *buf_size += buf_len + str_len;
+        *buf = HeapReAlloc(GetProcessHeap(), 0, *buf, *buf_size);
+    }
+
+    strcpy(*buf+buf_len, str);
+}
+
 BOOL stabs_parse(struct module* module, unsigned long load_offset, 
                  const void* pv_stab_ptr, int stablen,
                  const char* strs, int strtablen,
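Review bot: The `HeapReAlloc` result at the new `*buf = HeapReAlloc(...)` line is not checked, so on allocation failure `*buf` becomes NULL, the old buffer is leaked, and the following `strcpy(*buf+buf_len, str)` writes through a NULL pointer. The realloc should go into a temporary and `*buf`/`*buf_size` be updated only on success; since the function is new in this commit, it could also return BOOL so `stabs_parse` can stop instead of continuing with a truncated record. The `unsigned str_len, buf_len` locals also silently narrow the `size_t` results of `strlen`, which `size_t` would avoid. A one-line comment stating the contract would help, e.g. `/* Append str to the NUL-terminated heap buffer *buf, growing it (HeapReAlloc) as needed. */`.
```c
static inline void stabbuf_append(char **buf, unsigned *buf_size, const char *str)
{
    unsigned str_len, buf_len;

    str_len = strlen(str);
    buf_len = strlen(*buf);

    if(str_len+buf_len >= *buf_size) {
        unsigned new_size = *buf_size + buf_len + str_len;
        char *new_buf = HeapReAlloc(GetProcessHeap(), 0, *buf, new_size);
        if (!new_buf) return;   /* *buf and *buf_size stay valid; nothing appended */
        *buf = new_buf;
        *buf_size = new_size;
    }

    strcpy(*buf+buf_len, str);
}
```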
@@ -1317,18 +1332,12 @@ BOOL stabs_parse(struct module* module, unsigned long load_offset,
              * next record.  Repeat the process until we find a stab without the
              * '/' character, as this indicates we have the whole thing.
              */
-            unsigned    len = strlen(ptr);
-            if (strlen(stabbuff) + len > stabbufflen)
-            {
-                stabbufflen *= 2;
-                stabbuff = HeapReAlloc(GetProcessHeap(), 0, stabbuff, stabbufflen);
-            }
-            strncat(stabbuff, ptr, len - 1);
+            stabbuf_append(&stabbuff, &stabbufflen, ptr);
             continue;
         }
         else if (stabbuff[0] != '\0')
         {
-            strcat(stabbuff, ptr);
+            stabbuf_append(&stabbuff, &stabbufflen, ptr);
             ptr = stabbuff;
         }
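Review bot: The removed `strncat(stabbuff, ptr, len - 1)` deliberately dropped the last character of a continuation record, whereas the replacement `stabbuf_append(&stabbuff, &stabbufflen, ptr)` copies the whole string, so the continuation marker the comment above describes now stays in the accumulated buffer. If the branch condition (outside the hunk) tests that trailing character, the later records will be joined with the marker still embedded; adding `stabbuff[strlen(stabbuff) - 1] = '\0';` after the append in the continuation branch restores the old behaviour. The enclosing `stabs_parse` body starts and ends outside this hunk.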
 
@@ -1355,7 +1364,8 @@ BOOL stabs_parse(struct module* module, unsigned long load_offset,
                  */
                 if (ptr != stabbuff)
                 {
-                    strcpy(stabbuff, ptr);
+                    stabbuff[0] = 0;
+                    stabbuf_append(&stabbuff, &stabbufflen, ptr);
                     ptr = stabbuff;
                 }
                 stab_strcpy(symname, sizeof(symname), ptr);
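Review bot: The new `stabbuff[0] = 0;` resets the buffer with an integer literal while the same function compares against `'\0'` (`stabbuff[0] != '\0'` in the previous hunk); writing it as `stabbuff[0] = '\0';` keeps the two spots consistent and makes the intent (empty string, not a numeric zero) explicit. The enclosing `stabs_parse` body continues outside the hunk.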



