[PATCH] services: Avoid buffer overruns in test_runner and START_TEST.

Gerald Pfeifer gerald at pfeifer.com
Sun Dec 24 22:37:28 CST 2017


A few days ago my GCC-based builder started picking this up, and
looking into the code, there is potential for an actual buffer overrun,
since service_name is included in named_pipe_name together with some
constants, and both were originally the same size.

This fixes it by increasing the size of the second buffer which also
addresses the following warnings issued by GCC:

service.c: In function ‘test_runner’:
service.c:541:46: warning: ‘_pipe’ directive writing 5 bytes into a region 
of size between 1 and 100 [-Wformat-overflow=]
     sprintf(named_pipe_name, "\\\\.\\pipe\\%s_pipe", service_name);
                                              ^~~~~
service.c:541:5: note: ‘sprintf’ output between 15 and 114 bytes into a 
destination of size ...
     sprintf(named_pipe_name, "\\\\.\\pipe\\%s_pipe", service_name);
     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


service.c: In function ‘func_service’:
service.c:593:50: warning: ‘_pipe’ directive writing 5 bytes into a region 
of size between 1 and 100 [-Wformat-overflow=]
         sprintf(named_pipe_name, "\\\\.\\pipe\\%s_pipe", service_name);
                                                  ^~~~~
service.c:593:9: note: ‘sprintf’ output between 15 and 114 bytes into a 
destination of size ...
         sprintf(named_pipe_name, "\\\\.\\pipe\\%s_pipe", service_name);
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Gerald

Signed-off-by: Gerald Pfeifer <gerald at pfeifer.com>
---
 programs/services/tests/service.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/programs/services/tests/service.c b/programs/services/tests/service.c
index 98419497a5..47adb1a397 100644
--- a/programs/services/tests/service.c
+++ b/programs/services/tests/service.c
@@ -29,7 +29,8 @@
 static SERVICE_STATUS_HANDLE (WINAPI *pRegisterServiceCtrlHandlerExA)(LPCSTR,LPHANDLER_FUNCTION_EX,LPVOID);
 
 static HANDLE pipe_handle = INVALID_HANDLE_VALUE;
-static char service_name[100], named_pipe_name[100];
+static char service_name[100],
+            named_pipe_name[114]; /* will include service_name later on */
 static SERVICE_STATUS_HANDLE service_handle;
 
 /* Service process global variables */
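
Review bot: The new bound in `named_pipe_name[114]` is a hand-computed constant that silently depends on both `service_name[100]` and the literal "\\\\.\\pipe\\%s_pipe" format used at service.c:541 and service.c:593, so a later change to either one reintroduces the overrun without touching this line. Consider deriving the size instead, for example `named_pipe_name[sizeof(service_name) + sizeof("\\\\.\\pipe\\_pipe") - 1]`, which evaluates to the same 114, and have the comment state the arithmetic (9-byte prefix + 5-byte suffix + up to 99 name bytes + NUL) rather than "later on". Separately, the two sprintf calls stay unbounded; switching them to snprintf with sizeof(named_pipe_name) would keep the write in bounds regardless of how the declarations evolve.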
-- 
2.15.1

