[PATCH] shell32: use flexible arrays to avoid fortify failures

Reece Dunn msclrhd at googlemail.com
Tue Sep 21 03:21:28 CDT 2010

On 21 September 2010 08:58, Mike Frysinger <vapier at gentoo.org> wrote:
> On Tuesday, September 21, 2010 03:34:33 Reece Dunn wrote:
>> On 20 September 2010 17:51, Mike Frysinger <vapier at gentoo.org> wrote:
>> > well, i dont think this issue is limited to shell32.  it's just the only
>> > one to hit it atm.  what about my other patch i posted ?
>> > http://www.winehq.org/pipermail/wine-patches/2010-September/093377.html
>> How does fortify work?
> fortify is only adding security/sanity checks to functions.  so if you do:
>        char f[1];
>        strcpy(f, "1234");
> the C library, with help from the compiler, will then perform constant checks
> on these things.  since 5 bytes is more than the storage of "f" can hold, you
> get a build time warning.  and then at runtime, if this code is attempted to
> be executed, it will abort() before the storage is allowed to overflow.
> the problem with the wine code is that it declares a buffer as 1 byte long
> even though in reality it is the start of a flexible string.  newer C specs
> account for this behavior by introducing the "[]" syntax.  the C library will
> not perform length checks on these strings since it has no idea what its
> limits are at build time.

Ah, I see.

You could always do something like:

    strcpy((char *)pidl->anysize, "1234");

Which would force the compiler to use the char * version instead of
the char [n] version of the strcpy function in this example.

This would then work in any compiler without special casing for
compilers that have fortify -- especially when public structures get

- Reece

More information about the wine-devel mailing list