[PATCH 1/7] [cmd] Don't overflow parameter length when copying substring
Ann and Jason Edmeades
jason at edmeades.me.uk
Mon Nov 5 16:21:40 CST 2012
When a length is supplied in a %var:~start,length% syntax make sure
it does not overflow the end of the variable buffer.
[fixes a todo in the tests]
From 93b469aab15451cc2d5f337dacaaa111dcd1957e Mon Sep 17 00:00:00 2001
From: Jason Edmeades <jason at edmeades.me.uk>
Date: Thu, 25 Oct 2012 21:17:13 +0100
Subject: [PATCH 1/7] [cmd] Don't overflow parameter length when copying
substring
When a length is supplied in a %var:~start,length% syntax make sure
it does not overflow the end of the variable buffer.
[fixes a todo in the tests]
---
programs/cmd/tests/test_builtins.cmd.exp | 2 +-
programs/cmd/wcmdmain.c | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/programs/cmd/tests/test_builtins.cmd.exp b/programs/cmd/tests/test_builtins.cmd.exp
index aeaa14d..8a7e3fa 100644
--- a/programs/cmd/tests/test_builtins.cmd.exp
+++ b/programs/cmd/tests/test_builtins.cmd.exp
@@ -275,7 +275,7 @@ P0S
q
qwe
er
- at todo_wine@'ty'@or_broken@''
+'ty'@or_broken@''
't'@or_broken@''
ert at or_broken@qwerty
e at or_broken@qwerty
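Review bot: Test coverage for the boundary is thin: the only change here is dropping the todo_wine marker on the 'ty' expectation, and the diffstat shows no new case added to the test script itself. Consider adding cases where the requested length equals exactly the remaining characters, exceeds it by one, and where the start offset is already at the end of the value, since those are the inputs the new min() in wcmdmain.c decides.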
diff --git a/programs/cmd/wcmdmain.c b/programs/cmd/wcmdmain.c
index 89c1327..534e5a6 100644
--- a/programs/cmd/wcmdmain.c
+++ b/programs/cmd/wcmdmain.c
@@ -730,6 +730,7 @@ static WCHAR *WCMD_expand_envvar(WCHAR *start,
else if (copybytes < 0) copybytes = 0;
WCMD_strsubstW(start, endOfVar + 1, startCopy, copybytes);
} else {
+ substrlength = min(substrlength, len - (startCopy- thisVarContents + 1));
WCMD_strsubstW(start, endOfVar + 1, startCopy, substrlength);
}
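Review bot: The new clamp on substrlength in the else branch has an upper bound but no lower bound. If startCopy can point at the end of the value, len - (startCopy- thisVarContents + 1) goes negative, min() returns that negative value, and it is passed to WCMD_strsubstW as the length. The branch just above guards its own computation with "else if (copybytes < 0) copybytes = 0;", and the same floor is worth adding here. A short comment saying why the + 1 is there (whether len counts the terminator) would make the bound checkable by the next reader, and the spacing in "startCopy- thisVarContents" should match the rest of the file.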
--
1.7.9.5