Torge Matthies : ws2_32: Don't read more than necessary from the inputs in select().

Alexandre Julliard julliard at winehq.org
Sun Dec 26 10:44:21 CST 2021


Module: wine
Branch: master
Commit: ae0209a33665e16db885f38a12300d581d516123
URL:    https://source.winehq.org/git/wine.git/?a=commit;h=ae0209a33665e16db885f38a12300d581d516123

Author: Torge Matthies <openglfreak at googlemail.com>
Date:   Fri Dec 24 01:51:29 2021 +0100

ws2_32: Don't read more than necessary from the inputs in select().

.NET Framework / old .NET Core seems to allocate no more space than
necessary for the fd_set inputs, so if the allocation fell right at
the end of the heap, Wine tried to read past it.

Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=52259
Signed-off-by: Torge Matthies <openglfreak at googlemail.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>

---

 dlls/ws2_32/socket.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/dlls/ws2_32/socket.c b/dlls/ws2_32/socket.c
index 648284c10a3..698e788c459 100644
--- a/dlls/ws2_32/socket.c
+++ b/dlls/ws2_32/socket.c
@@ -2395,9 +2395,9 @@ int WINAPI select( int count, fd_set *read_ptr, fd_set *write_ptr,
     FD_ZERO( &read );
     FD_ZERO( &write );
     FD_ZERO( &except );
-    if (read_ptr) read = *read_ptr;
-    if (write_ptr) write = *write_ptr;
-    if (except_ptr) except = *except_ptr;
+    if (read_ptr) read.fd_count = read_ptr->fd_count;
+    if (write_ptr) write.fd_count = write_ptr->fd_count;
+    if (except_ptr) except.fd_count = except_ptr->fd_count;
 
     if (!(sync_event = get_sync_event())) return -1;
 
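Review bot: `fd_count` is copied from the caller's sets here with no upper bound visible in this hunk, and the loops in the following hunks use it to index the local `read`/`write`/`except` sets (presumably `fd_set` locals declared outside the hunk). With this change those loops store into `read.fd_array[i]` instead of only reading it, so a count above `FD_SETSIZE` would become a write past a local array rather than a read. Unless the count is validated elsewhere in select(), whose body starts and ends outside the hunk, a guard after the three copies would close that, e.g. `if (read.fd_count > FD_SETSIZE || write.fd_count > FD_SETSIZE || except.fd_count > FD_SETSIZE) { SetLastError( WSAEINVAL ); return -1; }`. Which error native Windows reports for an oversized set should be confirmed with a test before settling on the code.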
@@ -2408,7 +2408,7 @@ int WINAPI select( int count, fd_set *read_ptr, fd_set *write_ptr,
 
     for (i = 0; i < read.fd_count; ++i)
     {
-        params->sockets[params->count].socket = read.fd_array[i];
+        params->sockets[params->count].socket = read.fd_array[i] = read_ptr->fd_array[i];
         params->sockets[params->count].flags = AFD_POLL_READ | AFD_POLL_ACCEPT | AFD_POLL_HUP;
         ++params->count;
         poll_socket = read.fd_array[i];
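Review bot: The new `read_ptr->fd_array[i]` dereference is safe only because `read.fd_count` stays 0 from `FD_ZERO` when `read_ptr` is NULL, and nothing at this line says so; the same holds for the `write_ptr` and `except_ptr` loops in the next two hunks. A short comment above the loop would keep that invariant visible, e.g. `/* read.fd_count is nonzero only when read_ptr is non-NULL; copy just the entries in use */`. Splitting the chained assignment into `read.fd_array[i] = read_ptr->fd_array[i];` followed by the existing store to `params->sockets[params->count].socket` would also make the per-entry copy into the local set easier to spot. The loop body continues past the end of the hunk.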
@@ -2416,7 +2416,7 @@ int WINAPI select( int count, fd_set *read_ptr, fd_set *write_ptr,
 
     for (i = 0; i < write.fd_count; ++i)
     {
-        params->sockets[params->count].socket = write.fd_array[i];
+        params->sockets[params->count].socket = write.fd_array[i] = write_ptr->fd_array[i];
         params->sockets[params->count].flags = AFD_POLL_WRITE;
         ++params->count;
         poll_socket = write.fd_array[i];
@@ -2424,7 +2424,7 @@ int WINAPI select( int count, fd_set *read_ptr, fd_set *write_ptr,
 
     for (i = 0; i < except.fd_count; ++i)
     {
-        params->sockets[params->count].socket = except.fd_array[i];
+        params->sockets[params->count].socket = except.fd_array[i] = except_ptr->fd_array[i];
         params->sockets[params->count].flags = AFD_POLL_OOB | AFD_POLL_CONNECT_ERR;
         ++params->count;
         poll_socket = except.fd_array[i];



