[PATCH 9/9] programs/winedbg: protect fetch_float() in CPU backends against buffer overflow

Eric Pouech eric.pouech at gmail.com
Fri Nov 26 10:30:58 CST 2021


Signed-off-by: Eric Pouech <eric.pouech at gmail.com>

---
 programs/winedbg/be_arm.c    |    1 +
 programs/winedbg/be_arm64.c  |    1 +
 programs/winedbg/be_i386.c   |    1 +
 programs/winedbg/be_x86_64.c |    1 +
 4 files changed, 4 insertions(+)

diff --git a/programs/winedbg/be_arm.c b/programs/winedbg/be_arm.c
index 3bf5771439c..451eb50e772 100644
--- a/programs/winedbg/be_arm.c
+++ b/programs/winedbg/be_arm.c
@@ -1859,6 +1859,7 @@ static BOOL be_arm_fetch_float(const struct dbg_lvalue* lvalue, unsigned size, d
     /* FIXME: this assumes that debuggee and debugger use the same
      * representation for reals
      */
+    if (size > sizeof(tmp)) return FALSE;
     if (!memory_read_value(lvalue, size, tmp)) return FALSE;
 
     if (size == sizeof(float)) *ret = *(float*)tmp;
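Review bot: The new guard `if (size > sizeof(tmp)) return FALSE;` stops the overflow into `tmp`, but it relies on `tmp` being an array rather than a pointer — `sizeof` on a pointer would silently admit oversized reads — and its declaration is outside the hunk, so that is worth a glance. The guard also still lets through sizes that fit in `tmp` but match neither `sizeof(float)` nor (presumably) `sizeof(double)`; whether those fall through to a FALSE return depends on the rest of be_arm_fetch_float, which continues past the hunk, so a one-line comment such as `/* tmp holds the largest real this backend can fetch; anything bigger is a caller error, not a truncated read */` would help the next reader. The same guard is added in be_arm64.c, be_i386.c and be_x86_64.c; since the four backends share the check verbatim, hoisting it into the common caller would keep them from drifting. Unrelated to this change but on the same lines, `*(float*)tmp` is a strict-aliasing type-pun; a `memcpy` into a local `float` would be the UB-free form.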
diff --git a/programs/winedbg/be_arm64.c b/programs/winedbg/be_arm64.c
index d7611ba75de..aaf6ecf0bb6 100644
--- a/programs/winedbg/be_arm64.c
+++ b/programs/winedbg/be_arm64.c
@@ -256,6 +256,7 @@ static BOOL be_arm64_fetch_float(const struct dbg_lvalue* lvalue, unsigned size,
     /* FIXME: this assumes that debuggee and debugger use the same
      * representation for reals
      */
+    if (size > sizeof(tmp)) return FALSE;
     if (!memory_read_value(lvalue, size, tmp)) return FALSE;
 
     if (size == sizeof(float)) *ret = *(float*)tmp;
diff --git a/programs/winedbg/be_i386.c b/programs/winedbg/be_i386.c
index e7a1dd9d460..3bb7b9b4240 100644
--- a/programs/winedbg/be_i386.c
+++ b/programs/winedbg/be_i386.c
@@ -805,6 +805,7 @@ static BOOL be_i386_fetch_float(const struct dbg_lvalue* lvalue, unsigned size,
     /* FIXME: this assumes that debuggee and debugger use the same 
      * representation for reals
      */
+    if (size > sizeof(tmp)) return FALSE;
     if (!memory_read_value(lvalue, size, tmp)) return FALSE;
 
     if (size == sizeof(float)) *ret = *(float*)tmp;
diff --git a/programs/winedbg/be_x86_64.c b/programs/winedbg/be_x86_64.c
index 4920bf2d0ca..45c01a70594 100644
--- a/programs/winedbg/be_x86_64.c
+++ b/programs/winedbg/be_x86_64.c
@@ -727,6 +727,7 @@ static BOOL be_x86_64_fetch_float(const struct dbg_lvalue* lvalue, unsigned size
     /* FIXME: this assumes that debuggee and debugger use the same
      * representation for reals
      */
+    if (size > sizeof(tmp)) return FALSE;
     if (!memory_read_value(lvalue, size, tmp)) return FALSE;
 
     if (size == sizeof(float)) *ret = *(float*)tmp;



