Eric Pouech : winedbg: Protect fetch_float() in CPU backends against buffer overflow.

Alexandre Julliard julliard at winehq.org
Fri Nov 26 15:46:28 CST 2021 

Module: wine
Branch: master
Commit: 6cee83a665189fc99e91f18ffb80c23918b0aa6f
URL:    https://source.winehq.org/git/wine.git/?a=commit;h=6cee83a665189fc99e91f18ffb80c23918b0aa6f

Author: Eric Pouech <eric.pouech at gmail.com>
Date:   Fri Nov 26 17:30:58 2021 +0100

winedbg: Protect fetch_float() in CPU backends against buffer overflow.

Signed-off-by: Eric Pouech <eric.pouech at gmail.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>

---

 programs/winedbg/be_arm.c    | 1 +
 programs/winedbg/be_arm64.c  | 1 +
 programs/winedbg/be_i386.c   | 1 +
 programs/winedbg/be_x86_64.c | 1 +
 4 files changed, 4 insertions(+)

diff --git a/programs/winedbg/be_arm.c b/programs/winedbg/be_arm.c
index 3bf5771439c..451eb50e772 100644
--- a/programs/winedbg/be_arm.c
+++ b/programs/winedbg/be_arm.c
@@ -1859,6 +1859,7 @@ static BOOL be_arm_fetch_float(const struct dbg_lvalue* lvalue, unsigned size, d
     /* FIXME: this assumes that debuggee and debugger use the same
      * representation for reals
      */
+    if (size > sizeof(tmp)) return FALSE;
     if (!memory_read_value(lvalue, size, tmp)) return FALSE;
 
     if (size == sizeof(float)) *ret = *(float*)tmp;
diff --git a/programs/winedbg/be_arm64.c b/programs/winedbg/be_arm64.c
index d7611ba75de..aaf6ecf0bb6 100644
--- a/programs/winedbg/be_arm64.c
+++ b/programs/winedbg/be_arm64.c
@@ -256,6 +256,7 @@ static BOOL be_arm64_fetch_float(const struct dbg_lvalue* lvalue, unsigned size,
     /* FIXME: this assumes that debuggee and debugger use the same
      * representation for reals
      */
+    if (size > sizeof(tmp)) return FALSE;
     if (!memory_read_value(lvalue, size, tmp)) return FALSE;
 
     if (size == sizeof(float)) *ret = *(float*)tmp;
diff --git a/programs/winedbg/be_i386.c b/programs/winedbg/be_i386.c
index e7a1dd9d460..3bb7b9b4240 100644
--- a/programs/winedbg/be_i386.c
+++ b/programs/winedbg/be_i386.c
@@ -805,6 +805,7 @@ static BOOL be_i386_fetch_float(const struct dbg_lvalue* lvalue, unsigned size,
     /* FIXME: this assumes that debuggee and debugger use the same 
      * representation for reals
      */
+    if (size > sizeof(tmp)) return FALSE;
     if (!memory_read_value(lvalue, size, tmp)) return FALSE;
 
     if (size == sizeof(float)) *ret = *(float*)tmp;
diff --git a/programs/winedbg/be_x86_64.c b/programs/winedbg/be_x86_64.c
index 4920bf2d0ca..45c01a70594 100644
--- a/programs/winedbg/be_x86_64.c
+++ b/programs/winedbg/be_x86_64.c
@@ -727,6 +727,7 @@ static BOOL be_x86_64_fetch_float(const struct dbg_lvalue* lvalue, unsigned size
     /* FIXME: this assumes that debuggee and debugger use the same
      * representation for reals
      */
+    if (size > sizeof(tmp)) return FALSE;
     if (!memory_read_value(lvalue, size, tmp)) return FALSE;
 
     if (size == sizeof(float)) *ret = *(float*)tmp;

More information about the wine-cvs mailing list