[PATCH 8/9] programs/winedbg: protect against incorrect integer size in be_cpu.fetch_integer() method
Eric Pouech
eric.pouech at gmail.com
Fri Nov 26 10:30:52 CST 2021
Signed-off-by: Eric Pouech <eric.pouech at gmail.com>
---
programs/winedbg/be_arm.c | 3 ++-
programs/winedbg/be_arm64.c | 3 ++-
programs/winedbg/be_i386.c | 3 ++-
programs/winedbg/be_x86_64.c | 4 ++--
4 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/programs/winedbg/be_arm.c b/programs/winedbg/be_arm.c
index fa25ce8dd2b..3bf5771439c 100644
--- a/programs/winedbg/be_arm.c
+++ b/programs/winedbg/be_arm.c
@@ -1834,7 +1834,8 @@ static int be_arm_adjust_pc_for_break(dbg_ctx_t *ctx, BOOL way)
static BOOL be_arm_fetch_integer(const struct dbg_lvalue* lvalue, unsigned size,
BOOL is_signed, LONGLONG* ret)
{
- if (size != 1 && size != 2 && size != 4 && size != 8) return FALSE;
+ /* size must fit in ret and be a power of two */
+ if (size > sizeof(*ret) || (size & (size - 1))) return FALSE;
memset(ret, 0, sizeof(*ret)); /* clear unread bytes */
/* FIXME: this assumes that debuggee and debugger use the same
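Review bot: The new guard on the `+` line lets `size == 0` through: with `unsigned size`, `size & (size - 1)` is `0 & UINT_MAX == 0` and `0 > sizeof(*ret)` is false, whereas the removed explicit list rejected 0. A zero size then reaches the read and sign-propagation code below the hunk, which is not visible here; if that code derives a shift count from `size * 8 - 1`, size 0 would produce an out-of-range shift. Extend the check to `if (size == 0 || size > sizeof(*ret) || (size & (size - 1))) return FALSE;` and say so in the comment, e.g. `/* size must be a non-zero power of two that fits in ret */`. be_arm_fetch_integer's body continues outside the hunk.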
diff --git a/programs/winedbg/be_arm64.c b/programs/winedbg/be_arm64.c
index 9ceb9291d54..d7611ba75de 100644
--- a/programs/winedbg/be_arm64.c
+++ b/programs/winedbg/be_arm64.c
@@ -231,7 +231,8 @@ static int be_arm64_adjust_pc_for_break(dbg_ctx_t *ctx, BOOL way)
static BOOL be_arm64_fetch_integer(const struct dbg_lvalue* lvalue, unsigned size,
BOOL is_signed, LONGLONG* ret)
{
- if (size != 1 && size != 2 && size != 4 && size != 8) return FALSE;
+ /* size must fit in ret and be a power of two */
+ if (size > sizeof(*ret) || (size & (size - 1))) return FALSE;
memset(ret, 0, sizeof(*ret)); /* clear unread bytes */
/* FIXME: this assumes that debuggee and debugger use the same
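Review bot: Same gap as the other back-ends: the power-of-two test `size & (size - 1)` is zero for `size == 0`, and `0 > sizeof(*ret)` is false, so a zero size now passes where the old `size != 1 && ... != 8` chain rejected it. What happens next depends on the read and sign-extension code after the hunk, which is not visible; a zero size presumably reads nothing and may feed a `size * 8 - 1` shift, so it is safer to reject it up front. Suggested line: `if (size == 0 || size > sizeof(*ret) || (size & (size - 1))) return FALSE;`. be_arm64_fetch_integer's body continues outside the hunk.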
diff --git a/programs/winedbg/be_i386.c b/programs/winedbg/be_i386.c
index 08d0841a208..e7a1dd9d460 100644
--- a/programs/winedbg/be_i386.c
+++ b/programs/winedbg/be_i386.c
@@ -780,7 +780,8 @@ static int be_i386_adjust_pc_for_break(dbg_ctx_t *ctx, BOOL way)
static BOOL be_i386_fetch_integer(const struct dbg_lvalue* lvalue, unsigned size,
BOOL is_signed, LONGLONG* ret)
{
- if (size != 1 && size != 2 && size != 4 && size != 8 && size != 16) return FALSE;
+ /* size must fit in ret and be a power of two */
+ if (size > sizeof(*ret) || (size & (size - 1))) return FALSE;
memset(ret, 0, sizeof(*ret)); /* clear unread bytes */
/* FIXME: this assumes that debuggee and debugger use the same
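Review bot: The replacement condition accepts `size == 0`, which the removed line did not: `size & (size - 1)` evaluates to 0 for an unsigned zero and the `size > sizeof(*ret)` half is false. The rest of be_i386_fetch_integer (the read into `ret` and the sign propagation) lies outside the hunk, so whether a zero size is harmless there cannot be confirmed from this view; rejecting it explicitly costs one term: `if (size == 0 || size > sizeof(*ret) || (size & (size - 1))) return FALSE;`. Separately, the new check also drops the `size == 16` case the old line allowed, which is consistent with `ret` being 8 bytes, but the comment could state it so the change is not mistaken for an oversight, e.g. `/* size must be a non-zero power of two no larger than ret (16-byte integers are rejected) */`.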
diff --git a/programs/winedbg/be_x86_64.c b/programs/winedbg/be_x86_64.c
index c2839cf4097..4920bf2d0ca 100644
--- a/programs/winedbg/be_x86_64.c
+++ b/programs/winedbg/be_x86_64.c
@@ -702,8 +702,8 @@ static int be_x86_64_adjust_pc_for_break(dbg_ctx_t *ctx, BOOL way)
static BOOL be_x86_64_fetch_integer(const struct dbg_lvalue* lvalue, unsigned size,
BOOL is_signed, LONGLONG* ret)
{
- if (size != 1 && size != 2 && size != 4 && size != 8 && size != 16)
- return FALSE;
+ /* size must fit in ret and be a power of two */
+ if (size > sizeof(*ret) || (size & (size - 1))) return FALSE;
memset(ret, 0, sizeof(*ret)); /* clear unread bytes */
/* FIXME: this assumes that debuggee and debugger use the same
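Review bot: As in the other back-ends, the new `+` guard passes `size == 0` (`0 & (0u - 1)` is 0, and 0 is not greater than `sizeof(*ret)`), while the removed two-line check rejected it. The read and sign-extension that follow are outside the hunk, so the effect of a zero size there is inferred rather than visible; a `size * 8 - 1` shift count, if that is how the sign bit is located, would be out of range. Proposed line: `if (size == 0 || size > sizeof(*ret) || (size & (size - 1))) return FALSE;`. The dropped `size == 16` acceptance is in line with the patch's intent (`ret` is 8 bytes) and could be noted in the comment. be_x86_64_fetch_integer's body continues outside the hunk.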