[PATCH] shell32: use flexible arrays to avoid fortify failures
Reece Dunn
msclrhd at googlemail.com
Tue Sep 21 03:21:28 CDT 2010
On 21 September 2010 08:58, Mike Frysinger <vapier at gentoo.org> wrote:
> On Tuesday, September 21, 2010 03:34:33 Reece Dunn wrote:
>> On 20 September 2010 17:51, Mike Frysinger <vapier at gentoo.org> wrote:
>> > well, i don't think this issue is limited to shell32. it's just the only
>> > one to hit it atm. what about my other patch i posted ?
>> > http://www.winehq.org/pipermail/wine-patches/2010-September/093377.html
>>
>> How does fortify work?
>
> fortify is only adding security/sanity checks to functions. so if you do:
>     char f[1];
>     strcpy(f, "1234");
> the C library, with help from the compiler, will then perform constant checks
> on these things. since 5 bytes is more than the storage of "f" can hold, you
> get a build time warning. and then at runtime, if this code is attempted to
> be executed, it will abort() before the storage is allowed to overflow.
>
> the problem with the wine code is that it declares a buffer as 1 byte long
> even though in reality it is the start of a flexible string. newer C specs
> account for this behavior by introducing the "[]" syntax. the C library will
> not perform length checks on these strings since it has no idea what its
> limits are at build time.

Ah, I see.

You could always do something like:

    strcpy((char *)pidl->anysize, "1234");

Which would force the compiler to use the char * version instead of
the char [n] version of the strcpy function in this example.

This would then work in any compiler without special casing for
compilers that have fortify -- especially when public structures get
impacted.

- Reece
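
Both the "[]" declaration and the cast discussed above leave the copy without a fortify length check, so the bound has to be carried and enforced by the code itself. The following is an added example, not part of the original message or of Wine's source; `struct item`, `item_alloc` and `item_set_string` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical item: a length field followed by a variable-length payload. */
struct item {
    uint16_t cb;    /* bytes available in data[] */
    char data[];    /* C99 flexible array member instead of data[1] */
};

/* Allocate an item with room for n payload bytes; NULL if n does not
 * fit the length field or the allocation fails. */
struct item *item_alloc(size_t n)
{
    if (n > UINT16_MAX)
        return NULL;
    struct item *it = calloc(1, offsetof(struct item, data) + n);
    if (it)
        it->cb = (uint16_t)n;
    return it;
}

/* Bounded replacement for strcpy(it->data, s): returns 0 on success,
 * -1 if s plus its terminator does not fit. Nothing is written on failure. */
int item_set_string(struct item *it, const char *s)
{
    size_t need = strlen(s) + 1;
    if (need > it->cb)
        return -1;
    memcpy(it->data, s, need);
    return 0;
}

int main(void)
{
    struct item *it = item_alloc(5);
    if (!it)
        return 1;
    int ok = item_set_string(it, "1234");        /* 5 bytes: fits */
    int too_long = item_set_string(it, "12345"); /* 6 bytes: rejected */
    free(it);
    return (ok == 0 && too_long == -1) ? 0 : 1;
}
```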