[PATCH 03/17] shell32/autocomplete: Handle heap_alloc failure and avoid a potential buffer overflow
Huw Davies
huw.davies at physics.ox.ac.uk
Thu Sep 6 10:28:47 CDT 2018
On 6 Sep 2018, at 16:05, Gabriel Ivăncescu <gabrielopcode at gmail.com> wrote:
>
> On Thu, Sep 6, 2018 at 5:51 PM, Huw Davies <huw at codeweavers.com> wrote:
>>
>> What does Windows do if it's passed %12s for example?
>>
>> Huw.
>
> On Windows XP it works fine (Internet Explorer uses it) and shows what
> you'd expect from %12s. It's mostly for user interaction anyway, so I
> think Microsoft have some leeway in changing it in each version.
>
> That being said, I honestly don't think that copying security
> vulnerabilities from Windows is a good idea, even if it's technically
> "correct". It's not a good idea to crash on such invalid input in my
> opinion, even if an (unpatched?) Windows version does, especially
> since said input is external to the application.

I suggest we do the sprintf ourselves. All we'd need to do
is replace the first occurrence of '%s' with the appropriate
string. We can ignore width/precision specifiers for now
unless we find that an app actually depends on them.

Huw.
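
The replacement suggested in the message above, as an added example that is not part of the original message and is not Wine's code. It assumes plain char strings and malloc in place of WCHAR and heap_alloc; the name expand_first_s and the sample formats are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not Wine's code): expand the first "%s" in an
 * externally supplied format with arg. Nothing else is interpreted, so
 * width/precision forms such as "%12s" and specifiers such as "%n" or "%d"
 * are copied through as literal text. Returns a malloc'd string the caller
 * frees, or NULL if the allocation fails or the size would overflow. */
char *expand_first_s(const char *fmt, const char *arg)
{
    const char *hit = strstr(fmt, "%s");
    size_t fmt_len = strlen(fmt);
    size_t arg_len = hit ? strlen(arg) : 0;
    size_t prefix, out_len;
    char *out;

    /* Output is fmt minus the 2-byte "%s" plus arg; size it exactly. */
    if (arg_len > (size_t)-1 - fmt_len) return NULL;
    out_len = fmt_len + arg_len - (hit ? 2 : 0);

    out = malloc(out_len + 1);
    if (!out) return NULL;   /* caller must handle allocation failure */

    if (!hit) {
        memcpy(out, fmt, fmt_len + 1);
        return out;
    }
    prefix = (size_t)(hit - fmt);
    memcpy(out, fmt, prefix);
    memcpy(out + prefix, arg, arg_len);
    /* Copy the tail after "%s" including the terminating NUL. */
    memcpy(out + prefix + arg_len, hit + 2, fmt_len - prefix - 2 + 1);
    return out;
}

int main(void)
{
    /* Constructed sample formats. */
    const char *fmts[] = { "http://www.%s.com", "%12s", "a%nb%s%s", "plain" };
    for (size_t i = 0; i < sizeof(fmts) / sizeof(fmts[0]); i++) {
        char *s = expand_first_s(fmts[i], "wine");
        if (!s) return 1;
        printf("%-20s -> %s\n", fmts[i], s);
        free(s);
    }
    return 0;
}
```

Because the format string never reaches a printf-family function, the output length is known before the copy and no extra specifier can read or write through a missing argument.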