[PATCH] shell32: use flexible arrays to avoid fortify failures

Marcus Meissner meissner at suse.de
Tue Sep 21 04:43:16 CDT 2010


On Tue, Sep 21, 2010 at 08:34:33AM +0100, Reece Dunn wrote:
> On 20 September 2010 17:51, Mike Frysinger <vapier at gentoo.org> wrote:
> > well, I don't think this issue is limited to shell32.  it's just the only one
> > to hit it atm.  what about my other patch I posted?
> > http://www.winehq.org/pipermail/wine-patches/2010-September/093377.html
> >
> 
> How does fortify work?

It detects the structure size.
 
> See http://blogs.msdn.com/b/oldnewthing/archive/2004/08/26/220873.aspx
> for information on how to allocate these structures. Specifically:
> 
>     PTOKEN_GROUPS TokenGroups = malloc(FIELD_OFFSET(TOKEN_GROUPS,
> Groups[NumberOfGroups]));
> 
> The article explains that:
> 
>     PTOKEN_GROUPS TokenGroups = malloc(sizeof(TOKEN_GROUPS) +
> NumberOfGroups * sizeof(SID_AND_ATTRIBUTES));
> 
> crashes on 64-bit platforms with STATUS_DATATYPE_MISALIGNMENT due to
> the data being placed on a 4-byte, not 8-byte, boundary.
> 
> Is the shell32 code running into something similar -- that is, are the
> calculations for the allocated memory blocks using these ANYSIZE_ARRAY
> structures wrong?


No, it's just that the structure is embedded in another structure and gcc 4.5
only looks at the size of the inner structure for these variable arrays, and
so does not see that the allocation is large enough.

(It is kinda in a gray area, but I am tending towards gcc being a bit wrong.)

Ciao, Marcus
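
The two sizing formulas quoted above and the embedded-structure case Marcus
describes, written out as an added example. This is not Wine's or shell32's
code: the SID_AND_ATTRIBUTES/TOKEN_GROUPS definitions are constructed
stand-ins shaped like the Win32 types, and GROUPS_HOLDER, holder_alloc,
holder_append and the capacity helpers are hypothetical names chosen for the
example. It shows that FIELD_OFFSET(TOKEN_GROUPS, Groups[n]) (written here
as offsetof plus n elements) is smaller than the sizeof-based formula for
every n, that the declared type of the inner struct only ever accounts for
one Groups[] element, and that a bounds check has to come from the real
allocation size rather than from sizeof(TOKEN_GROUPS).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed stand-ins modelled on the Win32 types named in the thread;
 * they are not taken from Wine's headers. */
#define ANYSIZE_ARRAY 1

typedef struct {
    void     *Sid;
    uint32_t  Attributes;
} SID_AND_ATTRIBUTES;

typedef struct {
    uint32_t           GroupCount;
    SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];   /* the trailing "[1]" idiom */
} TOKEN_GROUPS;

/* Hypothetical outer structure embedding TOKEN_GROUPS as its last member,
 * the shape Marcus describes: sizeof(TOKEN_GROUPS) no longer says how much
 * storage Groups[] really has, only alloc_size does. */
typedef struct {
    size_t       alloc_size;   /* bytes actually allocated for this object */
    TOKEN_GROUPS tg;
} GROUPS_HOLDER;

/* FIELD_OFFSET(TOKEN_GROUPS, Groups[n]) from the quoted article:
 * header plus exactly n elements, no padding tail. */
size_t token_groups_size(size_t n)
{
    return offsetof(TOKEN_GROUPS, Groups) + n * sizeof(SID_AND_ATTRIBUTES);
}

/* The sizeof-based formula from the same article, for comparison. It always
 * counts the one element already inside sizeof(TOKEN_GROUPS) a second time. */
size_t token_groups_size_naive(size_t n)
{
    return sizeof(TOKEN_GROUPS) + n * sizeof(SID_AND_ATTRIBUTES);
}

/* Allocate a holder whose embedded TOKEN_GROUPS has room for n entries. */
GROUPS_HOLDER *holder_alloc(size_t n)
{
    size_t size = offsetof(GROUPS_HOLDER, tg) + token_groups_size(n);
    GROUPS_HOLDER *h = calloc(1, size);
    if (!h) return NULL;
    h->alloc_size = size;
    return h;
}

/* Capacity of Groups[] as seen from the declared type alone, which is all
 * the inner struct's size can tell a checker: one element. */
size_t groups_capacity_static(void)
{
    return sizeof(((TOKEN_GROUPS *)0)->Groups) / sizeof(SID_AND_ATTRIBUTES);
}

/* Capacity of Groups[] computed from the bytes actually allocated. */
size_t groups_capacity_real(const GROUPS_HOLDER *h)
{
    size_t used = offsetof(GROUPS_HOLDER, tg) + offsetof(TOKEN_GROUPS, Groups);
    return (h->alloc_size - used) / sizeof(SID_AND_ATTRIBUTES);
}

/* Append n entries, bounds-checked against the real capacity.
 * Returns 0 on success, -1 if the copy would overrun the allocation. */
int holder_append(GROUPS_HOLDER *h, const SID_AND_ATTRIBUTES *src, size_t n)
{
    if (n > groups_capacity_real(h) - h->tg.GroupCount) return -1;
    memcpy(&h->tg.Groups[h->tg.GroupCount], src, n * sizeof(*src));
    h->tg.GroupCount += (uint32_t)n;
    return 0;
}

/* Allocate room for `capacity` entries and report what the real capacity is. */
size_t holder_capacity_for(size_t capacity)
{
    GROUPS_HOLDER *h = holder_alloc(capacity);
    size_t cap = h ? groups_capacity_real(h) : 0;
    free(h);
    return cap;
}

/* Allocate room for `capacity` entries, append `count` constructed entries,
 * and return holder_append's result. */
int append_result(size_t capacity, size_t count)
{
    SID_AND_ATTRIBUTES entry = { NULL, 4 };   /* constructed sample entry */
    GROUPS_HOLDER *h = holder_alloc(capacity);
    int rc = h ? 0 : -1;
    for (size_t i = 0; h && rc == 0 && i < count; i++)
        rc = holder_append(h, &entry, 1);
    free(h);
    return rc;
}

int main(void)
{
    printf("sizeof(TOKEN_GROUPS)=%zu  size(3)=%zu  naive(3)=%zu\n",
           sizeof(TOKEN_GROUPS), token_groups_size(3), token_groups_size_naive(3));
    printf("static capacity %zu, real capacity for 3 entries %zu\n",
           groups_capacity_static(), holder_capacity_for(3));
    printf("append 3 into 3: %d, append 4 into 3: %d\n",
           append_result(3, 3), append_result(3, 4));
    return 0;
}
```

Compiling the block with -O2 -D_FORTIFY_SOURCE=2 is the quickest way to see
what fortify makes of this layout on a given gcc: the memcpy in
holder_append goes through __memcpy_chk with whatever
__builtin_object_size() reports for &h->tg.Groups[...], and whether that is
"unknown" or the one-element size of the inner struct is exactly the point
under discussion.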
