winedbg: Protect fetch_float() in CPU backends against buffer overflow.

Signed-off-by: Eric Pouech <eric.pouech@gmail.com> Signed-off-by: Alexandre Julliard <julliard@winehq.org>

winedbg: Protect fetch_float() in CPU backends against buffer overflow.
6cee83a6 · Eric Pouech · Alexandre Julliard · 0ed49fab · 6cee83a6 · 6cee83a6
Commit 6cee83a6 authored Nov 26, 2021 by Eric Pouech Committed by Alexandre Julliard Nov 26, 2021
Showing with 4 additions and 0 deletions

be_arm.c programs/winedbg/be_arm.c +1 -0

be_arm64.c programs/winedbg/be_arm64.c +1 -0

be_i386.c programs/winedbg/be_i386.c +1 -0

be_x86_64.c programs/winedbg/be_x86_64.c +1 -0

No files found.
--- a/programs/winedbg/be_arm.c
+++ b/programs/winedbg/be_arm.c
@@ -1859,6 +1859,7 @@ static BOOL be_arm_fetch_float(const struct dbg_lvalue* lvalue, unsigned size, d
    /* FIXME: this assumes that debuggee and debugger use the same
     * representation for reals
     */
+    if (size > sizeof(tmp)) return FALSE;
    if (!memory_read_value(lvalue, size, tmp)) return FALSE;

    if (size == sizeof(float)) *ret = *(float*)tmp;

--- a/programs/winedbg/be_arm64.c
+++ b/programs/winedbg/be_arm64.c
@@ -256,6 +256,7 @@ static BOOL be_arm64_fetch_float(const struct dbg_lvalue* lvalue, unsigned size,
    /* FIXME: this assumes that debuggee and debugger use the same
     * representation for reals
     */
+    if (size > sizeof(tmp)) return FALSE;
    if (!memory_read_value(lvalue, size, tmp)) return FALSE;

    if (size == sizeof(float)) *ret = *(float*)tmp;

--- a/programs/winedbg/be_i386.c
+++ b/programs/winedbg/be_i386.c
@@ -805,6 +805,7 @@ static BOOL be_i386_fetch_float(const struct dbg_lvalue* lvalue, unsigned size, 
    /* FIXME: this assumes that debuggee and debugger use the same 
     * representation for reals
     */
+    if (size > sizeof(tmp)) return FALSE;
    if (!memory_read_value(lvalue, size, tmp)) return FALSE;

    if (size == sizeof(float)) *ret = *(float*)tmp;

--- a/programs/winedbg/be_x86_64.c
+++ b/programs/winedbg/be_x86_64.c
@@ -727,6 +727,7 @@ static BOOL be_x86_64_fetch_float(const struct dbg_lvalue* lvalue, unsigned size
    /* FIXME: this assumes that debuggee and debugger use the same
     * representation for reals
     */
+    if (size > sizeof(tmp)) return FALSE;
    if (!memory_read_value(lvalue, size, tmp)) return FALSE;

    if (size == sizeof(float)) *ret = *(float*)tmp;