[PATCH] kernelbase: Fix string size variable overflow in GetModuleFileNameW().
Paul Gofman
pgofman at codeweavers.com
Mon Oct 4 04:21:10 CDT 2021
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=51833
Signed-off-by: Paul Gofman <pgofman at codeweavers.com>
---
dlls/kernel32/tests/module.c | 5 +++++
dlls/kernelbase/loader.c | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/dlls/kernel32/tests/module.c b/dlls/kernel32/tests/module.c
index 2487b9d65ab..60654754302 100644
--- a/dlls/kernel32/tests/module.c
+++ b/dlls/kernel32/tests/module.c
@@ -190,6 +190,11 @@ static void testGetModuleFileName(const char* name)
ok(len1A / 2 == len2A,
"Correct length in GetModuleFilenameA with buffer too small (%d/%d)\n", len1A / 2, len2A);
+
+ len1A = GetModuleFileNameA(hMod, bufA, 0x10000);
+ ok(len1A > 0, "Getting module filename for handle %p\n", hMod);
+ len1W = GetModuleFileNameW(hMod, bufW, 0x10000);
+ ok(len1W > 0, "Getting module filename for handle %p\n", hMod);
}
static void testGetModuleFileName_Wrong(void)
diff --git a/dlls/kernelbase/loader.c b/dlls/kernelbase/loader.c
index 145d721bc26..b2bbdc29234 100644
--- a/dlls/kernelbase/loader.c
+++ b/dlls/kernelbase/loader.c
@@ -311,7 +311,7 @@ DWORD WINAPI DECLSPEC_HOTPATCH GetModuleFileNameW( HMODULE module, LPWSTR filena
}
name.Buffer = filename;
- name.MaximumLength = size * sizeof(WCHAR);
+ name.MaximumLength = min( size, (USHORT)~0 / sizeof(WCHAR) ) * sizeof(WCHAR);
status = LdrGetDllFullName( module, &name );
if (!status || status == STATUS_BUFFER_TOO_SMALL) len = name.Length / sizeof(WCHAR);
SetLastError( RtlNtStatusToDosError( status ));
--
2.31.1
More information about the wine-devel
mailing list