wine
wine-winehq
Commits
956eea6b
Commit
956eea6b
authored
Aug 14, 2009
by
Jacek Caban
Committed by
Alexandre Julliard
Aug 17, 2009
dbghelp: Fixed buffer overflow in stabs_parse.
parent
5d3e134b
Showing
1 changed file
with
19 additions
and
9 deletions
+19
-9
stabs.c
dlls/dbghelp/stabs.c
+19
-9
dlls/dbghelp/stabs.c
...
...
@@ -1258,6 +1258,21 @@ static void stabs_finalize_function(struct module* module, struct symt_function*
if
(
size
)
func
->
size
=
size
;
}
static
inline
void
stabbuf_append
(
char
**
buf
,
unsigned
*
buf_size
,
const
char
*
str
)
{
unsigned
str_len
,
buf_len
;
str_len
=
strlen
(
str
);
buf_len
=
strlen
(
*
buf
);
if
(
str_len
+
buf_len
>=
*
buf_size
)
{
*
buf_size
+=
buf_len
+
str_len
;
*
buf
=
HeapReAlloc
(
GetProcessHeap
(),
0
,
*
buf
,
*
buf_size
);
}
strcpy
(
*
buf
+
buf_len
,
str
);
}
BOOL
stabs_parse
(
struct
module
*
module
,
unsigned
long
load_offset
,
const
void
*
pv_stab_ptr
,
int
stablen
,
const
char
*
strs
,
int
strtablen
,
...
...
@@ -1317,18 +1332,12 @@ BOOL stabs_parse(struct module* module, unsigned long load_offset,
* next record. Repeat the process until we find a stab without the
* '/' character, as this indicates we have the whole thing.
*/
unsigned
len
=
strlen
(
ptr
);
if
(
strlen
(
stabbuff
)
+
len
>
stabbufflen
)
{
stabbufflen
*=
2
;
stabbuff
=
HeapReAlloc
(
GetProcessHeap
(),
0
,
stabbuff
,
stabbufflen
);
}
strncat
(
stabbuff
,
ptr
,
len
-
1
);
stabbuf_append
(
&
stabbuff
,
&
stabbufflen
,
ptr
);
continue
;
}
else
if
(
stabbuff
[
0
]
!=
'\0'
)
{
st
rcat
(
stabbuff
,
ptr
);
st
abbuf_append
(
&
stabbuff
,
&
stabbufflen
,
ptr
);
ptr
=
stabbuff
;
}
...
...
@@ -1355,7 +1364,8 @@ BOOL stabs_parse(struct module* module, unsigned long load_offset,
*/
if
(
ptr
!=
stabbuff
)
{
strcpy
(
stabbuff
,
ptr
);
stabbuff
[
0
]
=
0
;
stabbuf_append
(
&
stabbuff
,
&
stabbufflen
,
ptr
);
ptr
=
stabbuff
;
}
stab_strcpy
(
symname
,
sizeof
(
symname
),
ptr
);
...
...
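Review bot: In the new `stabbuf_append`, the result of `HeapReAlloc` is stored straight into `*buf` and then used by `strcpy(*buf+buf_len, str)` with no NULL check, so an allocation failure loses the old buffer and writes through a near-null pointer. Because the helper returns `void`, `stabs_parse` cannot see the failure either; returning `BOOL`, keeping the old pointer until the reallocation succeeds, and having the three call sites bail out would close that gap. Separately, the first call site used to copy `len - 1` characters with `strncat` and now appends all of `ptr`, so the trailing continuation character described in the comment appears to stay in the joined string; worth confirming that this is intended. `stabs_parse` itself begins and ends outside the visible hunks.

```c
static inline BOOL stabbuf_append(char **buf, unsigned *buf_size, const char *str)
{
    /* … unchanged: str_len / buf_len computation … */
    if(str_len+buf_len >= *buf_size) {
        unsigned new_size = *buf_size + buf_len + str_len;
        char *new_buf = HeapReAlloc(GetProcessHeap(), 0, *buf, new_size);

        /* On failure the old block is still valid and still owned by the caller. */
        if(!new_buf) return FALSE;
        *buf = new_buf;
        *buf_size = new_size;
    }

    strcpy(*buf+buf_len, str);
    return TRUE;
}
```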