winedbg: Protect against incorrect integer size in be_cpu.fetch_integer() method.

Signed-off-by: Eric Pouech <eric.pouech@gmail.com> Signed-off-by: Alexandre Julliard <julliard@winehq.org>

winedbg: Protect against incorrect integer size in be_cpu.fetch_integer() method.
0ed49fab · Eric Pouech · Alexandre Julliard · c8006d07 · 0ed49fab · 0ed49fab
Commit 0ed49fab authored Nov 26, 2021 by Eric Pouech Committed by Alexandre Julliard Nov 26, 2021
Showing with 8 additions and 5 deletions

be_arm.c programs/winedbg/be_arm.c +2 -1

be_arm64.c programs/winedbg/be_arm64.c +2 -1

be_i386.c programs/winedbg/be_i386.c +2 -1

be_x86_64.c programs/winedbg/be_x86_64.c +2 -2

No files found.
--- a/programs/winedbg/be_arm.c
+++ b/programs/winedbg/be_arm.c
@@ -1834,7 +1834,8 @@ static int be_arm_adjust_pc_for_break(dbg_ctx_t *ctx, BOOL way)
 static BOOL be_arm_fetch_integer(const struct dbg_lvalue* lvalue, unsigned size,
                                 BOOL is_signed, LONGLONG* ret)
 {
-    if (size != 1 && size != 2 && size != 4 && size != 8) return FALSE;
+    /* size must fit in ret and be a power of two */
+    if (size > sizeof(*ret) || (size & (size - 1))) return FALSE;

    memset(ret, 0, sizeof(*ret)); /* clear unread bytes */
    /* FIXME: this assumes that debuggee and debugger use the same

--- a/programs/winedbg/be_arm64.c
+++ b/programs/winedbg/be_arm64.c
@@ -231,7 +231,8 @@ static int be_arm64_adjust_pc_for_break(dbg_ctx_t *ctx, BOOL way)
 static BOOL be_arm64_fetch_integer(const struct dbg_lvalue* lvalue, unsigned size,
                                   BOOL is_signed, LONGLONG* ret)
 {
-    if (size != 1 && size != 2 && size != 4 && size != 8) return FALSE;
+    /* size must fit in ret and be a power of two */
+    if (size > sizeof(*ret) || (size & (size - 1))) return FALSE;

    memset(ret, 0, sizeof(*ret)); /* clear unread bytes */
    /* FIXME: this assumes that debuggee and debugger use the same

--- a/programs/winedbg/be_i386.c
+++ b/programs/winedbg/be_i386.c
@@ -780,7 +780,8 @@ static int be_i386_adjust_pc_for_break(dbg_ctx_t *ctx, BOOL way)
 static BOOL be_i386_fetch_integer(const struct dbg_lvalue* lvalue, unsigned size,
                                  BOOL is_signed, LONGLONG* ret)
 {
-    if (size != 1 && size != 2 && size != 4 && size != 8 && size != 16) return FALSE;
+    /* size must fit in ret and be a power of two */
+    if (size > sizeof(*ret) || (size & (size - 1))) return FALSE;

    memset(ret, 0, sizeof(*ret)); /* clear unread bytes */
    /* FIXME: this assumes that debuggee and debugger use the same

--- a/programs/winedbg/be_x86_64.c
+++ b/programs/winedbg/be_x86_64.c
@@ -702,8 +702,8 @@ static int be_x86_64_adjust_pc_for_break(dbg_ctx_t *ctx, BOOL way)
 static BOOL be_x86_64_fetch_integer(const struct dbg_lvalue* lvalue, unsigned size,
                                    BOOL is_signed, LONGLONG* ret)
 {
-    if (size != 1 && size != 2 && size != 4 && size != 8 && size != 16)
-        return FALSE;
+    /* size must fit in ret and be a power of two */
+    if (size > sizeof(*ret) || (size & (size - 1))) return FALSE;

    memset(ret, 0, sizeof(*ret)); /* clear unread bytes */
    /* FIXME: this assumes that debuggee and debugger use the same