[PATCH] winex11.drv: Fix invalid range when reading GTK_WORKAREAS_D0 (valgrind).
Rémi Bernon
rbernon at codeweavers.com
Mon Mar 8 02:14:22 CST 2021
Invalid read of size 8
at 0x559B816: get_work_area (display.c:296)
by 0x55DC8C1: query_screens (xinerama.c:103)
by 0x55DC8C1: xinerama_init (xinerama.c:275)
by 0x55D6F47: process_attach (x11drv_main.c:602)
by 0x55D6F47: DllMain (x11drv_main.c:721)
by 0x7BC35819: call_dll_entry_point (loader.c:285)
by 0x7BC35819: MODULE_InitDLL (loader.c:1317)
by 0x7BC362ED: process_attach.part.0 (loader.c:1411)
by 0x7BC3B843: process_attach (loader.c:1382)
by 0x7BC3B843: LdrLoadDll (loader.c:2765)
by 0x7B025C85: load_library (loader.c:172)
by 0x7B026B72: LoadLibraryExW (loader.c:522)
by 0x7B026BE5: LoadLibraryW (loader.c:492)
by 0x40990D: load_graphics_driver (desktop.c:844)
by 0x40990D: manage_desktop (desktop.c:1010)
by 0x40C6B3: parse_command_line (explorer.c:836)
by 0x40C6B3: wWinMain (explorer.c:865)
by 0x4103F2: wmain (crt_wwinmain.c:55)
Address 0x5272370 is 16 bytes before an unallocated block of size 3,132,512 in arena "client"
Signed-off-by: Rémi Bernon <rbernon at codeweavers.com>
---
dlls/winex11.drv/display.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/dlls/winex11.drv/display.c b/dlls/winex11.drv/display.c
index 0f61f9f7b2e..b647455a01f 100644
--- a/dlls/winex11.drv/display.c
+++ b/dlls/winex11.drv/display.c
@@ -289,9 +289,9 @@ RECT get_work_area(const RECT *monitor_rect)
x11drv_atom(_GTK_WORKAREAS_D0), 0, ~0, False, XA_CARDINAL, &type,
&format, &count, &remaining, (unsigned char **)&work_area))
{
- if (type == XA_CARDINAL && format == 32 && count >= 4)
+ if (type == XA_CARDINAL && format == 32)
{
- for (i = 0; i + 3 < count; i += 4)
+ for (i = 0; i < count / 4; ++i)
{
work_rect.left = work_area[i * 4];
work_rect.top = work_area[i * 4 + 1];
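Review bot: The commit message gives the valgrind trace but never states the cause, and the new loop header `for (i = 0; i < count / 4; ++i)` deserves one sentence on it. The old loop advanced `i` by 4 while the body also indexes `work_area[i * 4]`, so with a `count` of 8 or more the second iteration read elements 16 to 19 of the returned property. Adding that to the message, or a short comment above the loop saying that `i` counts 4-value work areas rather than individual CARDINALs, would keep a later cleanup from reintroducing the double scaling. Dropping `count >= 4` is fine, since `count / 4` is 0 in that case and the loop body never runs; a trailing group of fewer than 4 values is still ignored, as before.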
--
2.30.0