winedbg: Extend buffer in packet_query_monitor_process to avoid avoid overrun/truncation.

Gerald Pfeifer gerald at
Sun Oct 2 00:40:36 CDT 2016

PROCESSENTRY32 declares szExeFile as char[MAX_PATH], yet buffer 
in packet_query_monitor_process is declared as char[128].

This means

    snprintf(buffer, sizeof(buffer),
             "%c%08x %-8d %08x '%s'\n",
             deco, entry.th32ProcessID, entry.cntThreads,
             entry.th32ParentProcessID, entry.szExeFile);

there may be running over (well, not really, since it's snprintf, 
not plain sprintf, but still).

GCC 7 is going to warn about this, by the way.


Signed-off-by: Gerald Pfeifer <gerald at>
 programs/winedbg/gdbproxy.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/programs/winedbg/gdbproxy.c b/programs/winedbg/gdbproxy.c
index 7f0a8c9..f94fef5 100644
--- a/programs/winedbg/gdbproxy.c
+++ b/programs/winedbg/gdbproxy.c
@@ -1710,7 +1710,7 @@ static void packet_query_monitor_wnd(struct gdb_context* gdbctx, int len, const
 static void packet_query_monitor_process(struct gdb_context* gdbctx, int len, const char* str)
     HANDLE              snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
-    char                buffer[128];
+    char                buffer[31+MAX_PATH];
     char                deco;
     PROCESSENTRY32      entry;
     BOOL                ok;

More information about the wine-patches mailing list