Skip to content

W
wine-winehq
Commit 43ae5e54 authored by Ken Belleau's avatar Ken Belleau Committed by Alexandre Julliard
Browse files
Options

- Used wine_dbgstr_a to prevent an overflow.

- Improved support to call macros with a variable number of parameters. - Put a check to prevent an out of bounds access.
parent c5b0a179
Hide whitespace changes
Inline Side-by-side
Showing with 22 additions and 11 deletions
programs/winhelp/hlp2sgml.c
View file @ 43ae5e54
...@@ -323,6 +323,11 @@ int wine_dbg_log( int cls, const char *channel, const char *func, const char *fo ...@@ -323,6 +323,11 @@ int wine_dbg_log( int cls, const char *channel, const char *func, const char *fo
return 1; return 1;
} }
const char *wine_dbgstr_a( const char *s )
{
return NULL;
}
HBITMAP WINAPI CreateDIBitmap(HDC hdc, CONST BITMAPINFOHEADER* bih, DWORD a, CONST void* ptr, CONST BITMAPINFO* bi, UINT c) HBITMAP WINAPI CreateDIBitmap(HDC hdc, CONST BITMAPINFOHEADER* bih, DWORD a, CONST void* ptr, CONST BITMAPINFO* bi, UINT c)
{ {
return 0; return 0;
......
programs/winhelp/hlpfile.c
View file @ 43ae5e54
...@@ -915,7 +915,7 @@ static BOOL HLPFILE_AddParagraph(HLPFILE *hlpfile, BYTE *buf, BYTE *end, unsigne ...@@ -915,7 +915,7 @@ static BOOL HLPFILE_AddParagraph(HLPFILE *hlpfile, BYTE *buf, BYTE *end, unsigne
while (text < text_end && format < format_end) while (text < text_end && format < format_end)
{ {
WINE_TRACE("Got text: '%s' (%p/%p - %p/%p)\n", text, text, text_end, format, format_end); WINE_TRACE("Got text: '%s' (%p/%p - %p/%p)\n", wine_dbgstr_a(text), text, text_end, format, format_end);
textsize = strlen(text) + 1; textsize = strlen(text) + 1;
if (textsize > 1) if (textsize > 1)
{ {
......
programs/winhelp/macro.lex.l
View file @ 43ae5e54
...@@ -144,7 +144,7 @@ static int MACRO_CallBoolFunc(FARPROC fn, const char* args, void** ret); ...@@ -144,7 +144,7 @@ static int MACRO_CallBoolFunc(FARPROC fn, const char* args, void** ret);
static int MACRO_CheckArgs(void* pa[], unsigned max, const char* args) static int MACRO_CheckArgs(void* pa[], unsigned max, const char* args)
{ {
int t; int t;
int idx = 0; int len = 0, idx = 0;
WINE_TRACE("Checking %s\n", args); WINE_TRACE("Checking %s\n", args);
...@@ -152,6 +152,7 @@ static int MACRO_CheckArgs(void* pa[], unsigned max, const char* args) ...@@ -152,6 +152,7 @@ static int MACRO_CheckArgs(void* pa[], unsigned max, const char* args)
if (*args) if (*args)
{ {
len = strlen(args);
for (;;) for (;;)
{ {
t = yylex(); t = yylex();
...@@ -182,11 +183,16 @@ static int MACRO_CheckArgs(void* pa[], unsigned max, const char* args) ...@@ -182,11 +183,16 @@ static int MACRO_CheckArgs(void* pa[], unsigned max, const char* args)
} }
idx++; idx++;
if (*++args == '\0') break; if (*++args == '\0') break;
if (yylex() != ',') {WINE_WARN("missing ,\n");return -1;} t = yylex();
if (idx == max) {WINE_FIXME("stack overflow (%d)\n", max);return -1;} if (t == ')') goto CheckArgs_end;
if (t != ',') {WINE_WARN("missing ,\n");return -1;}
if (idx >= max) {WINE_FIXME("stack overflow (%d)\n", max);return -1;}
} }
} }
if (yylex() != ')') {WINE_WARN("missing )\n");return -1;} if (yylex() != ')') {WINE_WARN("missing )\n");return -1;}
CheckArgs_end:
while (len > idx) pa[--len] = NULL;
return idx; return idx;
} }
...@@ -201,12 +207,12 @@ static int MACRO_CallBoolFunc(FARPROC fn, const char* args, void** ret) ...@@ -201,12 +207,12 @@ static int MACRO_CallBoolFunc(FARPROC fn, const char* args, void** ret)
void* pa[2]; void* pa[2];
int idx = MACRO_CheckArgs(pa, sizeof(pa)/sizeof(pa[0]), args); int idx = MACRO_CheckArgs(pa, sizeof(pa)/sizeof(pa[0]), args);
if (idx == -1) return 0; if (idx < 0) return 0;
if (!fn) return 1; if (!fn) return 1;
WINE_TRACE("calling with %u pmts\n", idx); WINE_TRACE("calling with %u pmts\n", idx);
switch (idx) switch (strlen(args))
{ {
case 0: *ret = (void*)(fn)(); break; case 0: *ret = (void*)(fn)(); break;
case 1: *ret = (void*)(fn)(pa[0]); break; case 1: *ret = (void*)(fn)(pa[0]); break;
...@@ -226,12 +232,12 @@ static int MACRO_CallVoidFunc(FARPROC fn, const char* args) ...@@ -226,12 +232,12 @@ static int MACRO_CallVoidFunc(FARPROC fn, const char* args)
void* pa[6]; void* pa[6];
int idx = MACRO_CheckArgs(pa, sizeof(pa)/sizeof(pa[0]), args); int idx = MACRO_CheckArgs(pa, sizeof(pa)/sizeof(pa[0]), args);
if (idx == -1) return 0; if (idx < 0) return 0;
if (!fn) return 1; if (!fn) return 1;
WINE_TRACE("calling %p with %u pmts\n", fn, idx); WINE_TRACE("calling %p with %u pmts\n", fn, idx);
switch (idx) switch (strlen(args))
{ {
case 0: (fn)(); break; case 0: (fn)(); break;
case 1: (fn)(pa[0]); break; case 1: (fn)(pa[0]); break;
......
programs/winhelp/winhelp.c
View file @ 43ae5e54
...@@ -1089,7 +1089,7 @@ static LRESULT CALLBACK WINHELP_TextWndProc(HWND hWnd, UINT msg, WPARAM wParam, ...@@ -1089,7 +1089,7 @@ static LRESULT CALLBACK WINHELP_TextWndProc(HWND hWnd, UINT msg, WPARAM wParam,
hlpfile = WINHELP_LookupHelpFile(part->link->lpszString); hlpfile = WINHELP_LookupHelpFile(part->link->lpszString);
if (part->link->window == -1) if (part->link->window == -1)
wi = win->info; wi = win->info;
else if (part->link->window < hlpfile->numWindows) else if ((part->link->window >= 0) && (part->link->window < hlpfile->numWindows))
wi = &hlpfile->windows[part->link->window]; wi = &hlpfile->windows[part->link->window];
else else
{ {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment