Eric Pouech : winedbg: Protect against incorrect integer size in be_cpu.fetch_integer() method.
Alexandre Julliard
julliard at winehq.org
Fri Nov 26 15:46:28 CST 2021
Module: wine
Branch: master
Commit: 0ed49fabc3cae185a610ee973d4b0c75877812d7
URL: https://source.winehq.org/git/wine.git/?a=commit;h=0ed49fabc3cae185a610ee973d4b0c75877812d7
Author: Eric Pouech <eric.pouech at gmail.com>
Date: Fri Nov 26 17:30:52 2021 +0100
winedbg: Protect against incorrect integer size in be_cpu.fetch_integer() method.
Signed-off-by: Eric Pouech <eric.pouech at gmail.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>
---
programs/winedbg/be_arm.c | 3 ++-
programs/winedbg/be_arm64.c | 3 ++-
programs/winedbg/be_i386.c | 3 ++-
programs/winedbg/be_x86_64.c | 4 ++--
4 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/programs/winedbg/be_arm.c b/programs/winedbg/be_arm.c
index fa25ce8dd2b..3bf5771439c 100644
--- a/programs/winedbg/be_arm.c
+++ b/programs/winedbg/be_arm.c
@@ -1834,7 +1834,8 @@ static int be_arm_adjust_pc_for_break(dbg_ctx_t *ctx, BOOL way)
static BOOL be_arm_fetch_integer(const struct dbg_lvalue* lvalue, unsigned size,
BOOL is_signed, LONGLONG* ret)
{
- if (size != 1 && size != 2 && size != 4 && size != 8) return FALSE;
+ /* size must fit in ret and be a power of two */
+ if (size > sizeof(*ret) || (size & (size - 1))) return FALSE;
memset(ret, 0, sizeof(*ret)); /* clear unread bytes */
/* FIXME: this assumes that debuggee and debugger use the same
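Review bot: The new guard in be_arm_fetch_integer() accepts size == 0, because `0 & (0 - 1)` evaluates to 0 and 0 is not greater than `sizeof(*ret)`; the explicit list it replaces rejected zero, and the added comment promises "a power of two", which zero is not. Reject it explicitly, e.g. `if (!size || size > sizeof(*ret) || (size & (size - 1))) return FALSE;`. The identical line is added in be_arm64_fetch_integer(), be_i386_fetch_integer() and be_x86_64_fetch_integer(), so the same change applies to those three hunks. The function body continues past the end of the hunk, so it cannot be confirmed from here whether a zero size later feeds a memory read or a size-derived shift; rejecting it at the guard preserves the previous behaviour in either case.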
diff --git a/programs/winedbg/be_arm64.c b/programs/winedbg/be_arm64.c
index 9ceb9291d54..d7611ba75de 100644
--- a/programs/winedbg/be_arm64.c
+++ b/programs/winedbg/be_arm64.c
@@ -231,7 +231,8 @@ static int be_arm64_adjust_pc_for_break(dbg_ctx_t *ctx, BOOL way)
static BOOL be_arm64_fetch_integer(const struct dbg_lvalue* lvalue, unsigned size,
BOOL is_signed, LONGLONG* ret)
{
- if (size != 1 && size != 2 && size != 4 && size != 8) return FALSE;
+ /* size must fit in ret and be a power of two */
+ if (size > sizeof(*ret) || (size & (size - 1))) return FALSE;
memset(ret, 0, sizeof(*ret)); /* clear unread bytes */
/* FIXME: this assumes that debuggee and debugger use the same
diff --git a/programs/winedbg/be_i386.c b/programs/winedbg/be_i386.c
index 08d0841a208..e7a1dd9d460 100644
--- a/programs/winedbg/be_i386.c
+++ b/programs/winedbg/be_i386.c
@@ -780,7 +780,8 @@ static int be_i386_adjust_pc_for_break(dbg_ctx_t *ctx, BOOL way)
static BOOL be_i386_fetch_integer(const struct dbg_lvalue* lvalue, unsigned size,
BOOL is_signed, LONGLONG* ret)
{
- if (size != 1 && size != 2 && size != 4 && size != 8 && size != 16) return FALSE;
+ /* size must fit in ret and be a power of two */
+ if (size > sizeof(*ret) || (size & (size - 1))) return FALSE;
memset(ret, 0, sizeof(*ret)); /* clear unread bytes */
/* FIXME: this assumes that debuggee and debugger use the same
diff --git a/programs/winedbg/be_x86_64.c b/programs/winedbg/be_x86_64.c
index c2839cf4097..4920bf2d0ca 100644
--- a/programs/winedbg/be_x86_64.c
+++ b/programs/winedbg/be_x86_64.c
@@ -702,8 +702,8 @@ static int be_x86_64_adjust_pc_for_break(dbg_ctx_t *ctx, BOOL way)
static BOOL be_x86_64_fetch_integer(const struct dbg_lvalue* lvalue, unsigned size,
BOOL is_signed, LONGLONG* ret)
{
- if (size != 1 && size != 2 && size != 4 && size != 8 && size != 16)
- return FALSE;
+ /* size must fit in ret and be a power of two */
+ if (size > sizeof(*ret) || (size & (size - 1))) return FALSE;
memset(ret, 0, sizeof(*ret)); /* clear unread bytes */
/* FIXME: this assumes that debuggee and debugger use the same