[PATCH 9/9] programs/winedbg: protect fetch_float() in CPU backends against buffer overflow
Eric Pouech
eric.pouech at gmail.com
Fri Nov 26 10:30:58 CST 2021
Signed-off-by: Eric Pouech <eric.pouech at gmail.com>
---
programs/winedbg/be_arm.c | 1 +
programs/winedbg/be_arm64.c | 1 +
programs/winedbg/be_i386.c | 1 +
programs/winedbg/be_x86_64.c | 1 +
4 files changed, 4 insertions(+)
diff --git a/programs/winedbg/be_arm.c b/programs/winedbg/be_arm.c
index 3bf5771439c..451eb50e772 100644
--- a/programs/winedbg/be_arm.c
+++ b/programs/winedbg/be_arm.c
@@ -1859,6 +1859,7 @@ static BOOL be_arm_fetch_float(const struct dbg_lvalue* lvalue, unsigned size, d
/* FIXME: this assumes that debuggee and debugger use the same
* representation for reals
*/
+ if (size > sizeof(tmp)) return FALSE;
if (!memory_read_value(lvalue, size, tmp)) return FALSE;
if (size == sizeof(float)) *ret = *(float*)tmp;
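Review bot: The bound on `size` is enforced only by convention here, since `memory_read_value(lvalue, size, tmp)` is given no destination capacity and each backend has to remember `if (size > sizeof(tmp)) return FALSE;` on its own; the same line is repeated in the be_arm64.c, be_i386.c and be_x86_64.c hunks. A single shared check (a small helper the four backends call, or a capacity argument on the read) would keep the limit next to the copy and cover any future backend. The guard is also placed between the FIXME comment and the read that comment describes, so I would move it above the comment and document it, e.g. `/* size is caller-supplied and tmp is a fixed-size local: refuse anything that would not fit */`. The declaration of `tmp` and the rest of the size dispatch are outside the hunk, so whether sizes that fit but match no supported width are rejected later cannot be confirmed from here.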
diff --git a/programs/winedbg/be_arm64.c b/programs/winedbg/be_arm64.c
index d7611ba75de..aaf6ecf0bb6 100644
--- a/programs/winedbg/be_arm64.c
+++ b/programs/winedbg/be_arm64.c
@@ -256,6 +256,7 @@ static BOOL be_arm64_fetch_float(const struct dbg_lvalue* lvalue, unsigned size,
/* FIXME: this assumes that debuggee and debugger use the same
* representation for reals
*/
+ if (size > sizeof(tmp)) return FALSE;
if (!memory_read_value(lvalue, size, tmp)) return FALSE;
if (size == sizeof(float)) *ret = *(float*)tmp;
diff --git a/programs/winedbg/be_i386.c b/programs/winedbg/be_i386.c
index e7a1dd9d460..3bb7b9b4240 100644
--- a/programs/winedbg/be_i386.c
+++ b/programs/winedbg/be_i386.c
@@ -805,6 +805,7 @@ static BOOL be_i386_fetch_float(const struct dbg_lvalue* lvalue, unsigned size,
/* FIXME: this assumes that debuggee and debugger use the same
* representation for reals
*/
+ if (size > sizeof(tmp)) return FALSE;
if (!memory_read_value(lvalue, size, tmp)) return FALSE;
if (size == sizeof(float)) *ret = *(float*)tmp;
diff --git a/programs/winedbg/be_x86_64.c b/programs/winedbg/be_x86_64.c
index 4920bf2d0ca..45c01a70594 100644
--- a/programs/winedbg/be_x86_64.c
+++ b/programs/winedbg/be_x86_64.c
@@ -727,6 +727,7 @@ static BOOL be_x86_64_fetch_float(const struct dbg_lvalue* lvalue, unsigned size
/* FIXME: this assumes that debuggee and debugger use the same
* representation for reals
*/
+ if (size > sizeof(tmp)) return FALSE;
if (!memory_read_value(lvalue, size, tmp)) return FALSE;
if (size == sizeof(float)) *ret = *(float*)tmp;