[PATCH] shell32: use flexible arrays to avoid fortify failures

Mike Frysinger vapier at gentoo.org
Tue Sep 21 02:58:28 CDT 2010


On Tuesday, September 21, 2010 03:34:33 Reece Dunn wrote:
> On 20 September 2010 17:51, Mike Frysinger <vapier at gentoo.org> wrote:
> > well, i don't think this issue is limited to shell32.  it's just the only
> > one to hit it atm.  what about my other patch i posted ?
> > http://www.winehq.org/pipermail/wine-patches/2010-September/093377.html
> 
> How does fortify work?

fortify is only adding security/sanity checks to functions.  so if you do:
	char f[1];
	strcpy(f, "1234");
the C library, with help from the compiler, will then perform constant checks 
on these things.  since 5 bytes is more than the storage of "f" can hold, you 
get a build time warning.  and then at runtime, if this code is attempted to 
be executed, it will abort() before the storage is allowed to overflow.

the problem with the wine code is that it declares a buffer as 1 byte long 
even though in reality it is the start of a flexible string.  newer C specs 
account for this behavior by introducing the "[]" syntax.  the C library will 
not perform length checks on these strings since it has no idea what its 
limits are at build time.

this isn't really an allocation issue as i think your line of logic is going.
-mike
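
An added example, not part of the original message and not Wine code: it models the length check described above to show why a correctly sized allocation still trips it when the trailing member is declared `name[1]`, and why `name[]` does not. The struct names, `checked_strcpy` and `CAP_UNKNOWN` are assumptions made for illustration; the model returns -1 where a fortified C library would abort().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_UNKNOWN ((size_t)-1)  /* no destination bound known at build time */

/* Constructed types for illustration, not Wine's. */
struct old_item { unsigned short cb; char name[1]; }; /* declared size: 1 byte */
struct new_item { unsigned short cb; char name[]; };  /* C99 flexible array member */

/* Model of a fortified strcpy: returns -1 where the real one would abort(). */
static int checked_strcpy(char *dst, size_t dst_cap, const char *src)
{
    size_t need = strlen(src) + 1;            /* string plus its NUL */
    if (dst_cap != CAP_UNKNOWN && need > dst_cap)
        return -1;                            /* exceeds the declared storage */
    memcpy(dst, src, need);
    return 0;
}

/* Old idiom: the allocation has room, but the check only sees name[1]. */
static int old_item_fill(const char *s)
{
    struct old_item *it = malloc(sizeof *it + strlen(s));
    int rc;
    if (!it) return -2;
    rc = checked_strcpy(it->name, sizeof it->name, s);
    free(it);
    return rc;
}

/* Flexible array: same room, no declared bound, so no length check fires. */
static int new_item_fill(const char *s)
{
    struct new_item *it = malloc(sizeof *it + strlen(s) + 1);
    int rc;
    if (!it) return -2;
    rc = checked_strcpy(it->name, CAP_UNKNOWN, s);
    if (rc == 0 && strcmp(it->name, s) != 0) rc = -3;  /* verify the copy */
    free(it);
    return rc;
}

int main(void)
{
    printf("name[1]: %d, name[]: %d\n", old_item_fill("1234"), new_item_fill("1234"));
    return 0;
}
```

With `name[]` the check is gone entirely, so the allocation size computed by the caller is the only thing bounding the copy.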