Fix buffer overflow in wxMSW stack walking code

VarSizedStruct buffer had a too small size in Unicode build as it forgot
to multiply the name length by sizeof(TCHAR), resulting in overwriting
memory on the stack after it when calling SymFromAddrW().

Closes #18127.
Vadim Zeitlin
2018-05-02 22:30:58 +02:00
parent 6e093f5a84
commit f10487f060
2 changed files with 3 additions and 2 deletions


@@ -90,6 +90,7 @@ wxMSW:
- Fix hang after clearing wxTAB_TRAVERSAL style on a window with children. - Fix hang after clearing wxTAB_TRAVERSAL style on a window with children.
- Fix handling of AUX2 mouse button events (Trylz). - Fix handling of AUX2 mouse button events (Trylz).
- Fix saving/restoring window position for maximized windows. - Fix saving/restoring window position for maximized windows.
- Fix stack corruption when using wxStackWalker (srfisk).
3.1.1: (released 2018-02-19) 3.1.1: (released 2018-02-19)


@@ -66,7 +66,7 @@ class VarSizedStruct
public: public:
VarSizedStruct() VarSizedStruct()
{ {
::ZeroMemory(m_buffer, sizeof(T) + MAX_NAME_LEN); ::ZeroMemory(m_buffer, sizeof(T) + MAX_NAME_LEN*sizeof(TCHAR));
(*this)->SizeOfStruct = sizeof(T); (*this)->SizeOfStruct = sizeof(T);
(*this)->MaxNameLen = MAX_NAME_LEN; (*this)->MaxNameLen = MAX_NAME_LEN;
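Review bot: The byte count passed to ::ZeroMemory() in the constructor repeats the array-size expression by hand, and that duplication is what lets the cleared size and the declared size drift apart. Passing sizeof(m_buffer) instead of sizeof(T) + MAX_NAME_LEN*sizeof(TCHAR) would tie the cleared size to the declaration itself. Leaving MaxNameLen = MAX_NAME_LEN unscaled looks right provided that field counts characters rather than bytes; a short comment saying so would help the next reader.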
@@ -87,7 +87,7 @@ private:
// if we wanted. // if we wanted.
enum { MAX_NAME_LEN = 1024 }; enum { MAX_NAME_LEN = 1024 };
BYTE m_buffer[sizeof(T) + MAX_NAME_LEN]; BYTE m_buffer[sizeof(T) + MAX_NAME_LEN*sizeof(TCHAR)];
}; };
} // anonymous namespace } // anonymous namespace
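Review bot: In the m_buffer declaration, sizeof(TCHAR) makes the buffer size depend on the build's character setting rather than on the structure T that is actually filled in. The commit message names SymFromAddrW(), so if a wide-character structure can ever be instantiated in a build where TCHAR is one byte, the buffer is undersized again; deriving the element size from T's own name member, or using sizeof(wchar_t) if the W functions are always the ones called, would remove that dependency. The comment above the enum should also state that MAX_NAME_LEN is a character count, not a byte count.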