Jacek Caban : dbghelp: Fixed buffer overflow in stabs_parse.
Alexandre Julliard
julliard at winehq.org
Mon Aug 17 11:23:48 CDT 2009
Module: wine
Branch: master
Commit: 956eea6b3100be81aa8dba5ef34ce9c8e0ed7214
URL: http://source.winehq.org/git/wine.git/?a=commit;h=956eea6b3100be81aa8dba5ef34ce9c8e0ed7214
Author: Jacek Caban <jacek at codeweavers.com>
Date: Fri Aug 14 19:25:57 2009 +0200
dbghelp: Fixed buffer overflow in stabs_parse.
---
dlls/dbghelp/stabs.c | 28 +++++++++++++++++++---------
1 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/dlls/dbghelp/stabs.c b/dlls/dbghelp/stabs.c
index 348a7aa..33b815a 100644
--- a/dlls/dbghelp/stabs.c
+++ b/dlls/dbghelp/stabs.c
@@ -1258,6 +1258,21 @@ static void stabs_finalize_function(struct module* module, struct symt_function*
if (size) func->size = size;
}
+static inline void stabbuf_append(char **buf, unsigned *buf_size, const char *str)
+{
+ unsigned str_len, buf_len;
+
+ str_len = strlen(str);
+ buf_len = strlen(*buf);
+
+ if(str_len+buf_len >= *buf_size) {
+ *buf_size += buf_len + str_len;
+ *buf = HeapReAlloc(GetProcessHeap(), 0, *buf, *buf_size);
+ }
+
+ strcpy(*buf+buf_len, str);
+}
+
BOOL stabs_parse(struct module* module, unsigned long load_offset,
const void* pv_stab_ptr, int stablen,
const char* strs, int strtablen,
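Review bot: The result of `HeapReAlloc` in stabbuf_append is stored straight into `*buf` without a check, so on allocation failure the original buffer is leaked and the following `strcpy(*buf+buf_len, str)` writes through an invalid pointer. Holding the result in a temporary, `char *tmp = HeapReAlloc(GetProcessHeap(), 0, *buf, new_size); if (!tmp) return;`, and only then updating `*buf` and `*buf_size` would keep the existing buffer usable. Because the helper returns void, the three call sites in stabs_parse (in the two later hunks) cannot see the failure; returning BOOL would let them stop parsing instead of silently dropping data. The lengths presumably come from strings in the module being parsed, so the `unsigned` sum `str_len+buf_len` is also worth a wrap-around check before it is compared with `*buf_size`.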
@@ -1317,18 +1332,12 @@ BOOL stabs_parse(struct module* module, unsigned long load_offset,
* next record. Repeat the process until we find a stab without the
* '/' character, as this indicates we have the whole thing.
*/
- unsigned len = strlen(ptr);
- if (strlen(stabbuff) + len > stabbufflen)
- {
- stabbufflen *= 2;
- stabbuff = HeapReAlloc(GetProcessHeap(), 0, stabbuff, stabbufflen);
- }
- strncat(stabbuff, ptr, len - 1);
+ stabbuf_append(&stabbuff, &stabbufflen, ptr);
continue;
}
else if (stabbuff[0] != '\0')
{
- strcat(stabbuff, ptr);
+ stabbuf_append(&stabbuff, &stabbufflen, ptr);
ptr = stabbuff;
}
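Review bot: The continuation branch now appends all of `ptr`, whereas the removed `strncat(stabbuff, ptr, len - 1)` copied one character fewer, which looks like it stripped the trailing continuation marker. If that is what it did, the marker now stays embedded in the joined stab string and reaches the later parsing. The test that selects this branch is outside the hunk, so this needs confirming against it. If the marker has to go, following the call with `stabbuff[strlen(stabbuff) - 1] = '\0';` or giving stabbuf_append an explicit length argument would restore the old behaviour.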
@@ -1355,7 +1364,8 @@ BOOL stabs_parse(struct module* module, unsigned long load_offset,
*/
if (ptr != stabbuff)
{
- strcpy(stabbuff, ptr);
+ stabbuff[0] = 0;
+ stabbuf_append(&stabbuff, &stabbufflen, ptr);
ptr = stabbuff;
}
stab_strcpy(symname, sizeof(symname), ptr);