Bug#980048: FTBFS: -Werror=array-bounds in dlls/shell32/cpanelfolder.c
Source: wine
Version: 5.0.3-1
Severity: serious
Tags: upstream fixed-upstream patch ftbfs
Justification: fails to build from source (but built successfully in the past)
wine_5.0.3-1 failed to build from source on all architectures. Was the
upload perhaps tested with an older toolchain than the one currently
in unstable?
> In function ‘_ILCreateCPanelApplet’,
> inlined from ‘SHELL_RegisterCPanelApp’ at cpanelfolder.c:323:20:
> cpanelfolder.c:262:5: error: ‘strcpy’ offset 12 from the object at ‘pidl’ is out of the bounds of referenced subobject ‘szName’ with type ‘CHAR[1]’ {aka ‘char[1]’} at offset 12 [-Werror=array-bounds]
> 262 | strcpy(p->szName, name);
> | ^~~~~~~~~~~~~~~~~~~~~~~
> In file included from cpanelfolder.c:44:
> cpanelfolder.c: In function ‘SHELL_RegisterCPanelApp’:
> pidl.h:119:10: note: subobject ‘szName’ declared here
> 119 | CHAR szName[1]; /*10*/ /* terminated by 0x00, followed by display name and comment string */
> | ^~~~~~
> In file included from cpanelfolder.c:34:
> In function ‘lstrcpyA’,
> inlined from ‘IShellExecuteHookA_fnExecute’ at cpanelfolder.c:1080:5:
> ../../include/winbase.h:2853:12: error: ‘strcpy’ offset 10 from the object at ‘pdata’ is out of the bounds of referenced subobject ‘szName’ with type ‘CHAR[1]’ {aka ‘char[1]’} at offset 10 [-Werror=array-bounds]
> 2853 | return strcpy( dst, src );
> | ^~~~~~~~~~~~~~~~~~
> In file included from cpanelfolder.c:44:
> cpanelfolder.c: In function ‘IShellExecuteHookA_fnExecute’:
> pidl.h:119:10: note: subobject ‘szName’ declared here
> 119 | CHAR szName[1]; /*10*/ /* terminated by 0x00, followed by display name and comment string */
> | ^~~~~~
This appears to be a false positive caused by an array of length 1 being
used as though it was a C99 flexible array member.
The attached upstream patch seems to fix this, at least on amd64 (I haven't
tried i386 or arm*).
smcv
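The idiom described above, as an added example that is not part of the original report or of Wine's code: a header followed by three packed strings, declared with a C99 flexible array member instead of a one-element array, so the compiler does not treat writes past index 0 as out of bounds. The struct and function names are hypothetical.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record modelled on the layout named in the build log:
 * a fixed header followed by three NUL-terminated strings. */
struct applet_fam {
    unsigned short offs_disp;     /* offset of display name within strings[] */
    unsigned short offs_comment;  /* offset of comment within strings[] */
    char strings[];               /* C99 flexible array member, not char[1] */
};

/* Build a record holding name, display name and comment back to back.
 * Returns NULL on allocation failure or if the 16-bit offsets would overflow. */
struct applet_fam *applet_create(const char *name, const char *disp,
                                 const char *comment, size_t *total)
{
    size_t n = strlen(name) + 1, d = strlen(disp) + 1, c = strlen(comment) + 1;
    if (n > 0xFFFF || d > 0xFFFF - n || c > 0xFFFF - n - d)
        return NULL;

    /* Size is derived from offsetof(), so the header and the payload
     * cannot disagree about where strings[] starts. */
    size_t size = offsetof(struct applet_fam, strings) + n + d + c;
    struct applet_fam *a = malloc(size);
    if (!a)
        return NULL;

    a->offs_disp = (unsigned short)n;
    a->offs_comment = (unsigned short)(n + d);
    /* Lengths are measured once and used for both allocation and copy. */
    memcpy(a->strings, name, n);
    memcpy(a->strings + a->offs_disp, disp, d);
    memcpy(a->strings + a->offs_comment, comment, c);
    if (total)
        *total = size;
    return a;
}

const char *applet_disp(const struct applet_fam *a) { return a->strings + a->offs_disp; }
const char *applet_comment(const struct applet_fam *a) { return a->strings + a->offs_comment; }
```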
From: Alexandre Julliard <julliard@winehq.org>
Date: Thu, 26 Nov 2020 17:31:53 +0100
Subject: shell32: Silence buffer overflow compiler warnings.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
Origin: upstream, 6.0-rc1, commit:6624cabbb7cfe33c179a02238b4c9b91d3c3297e
---
dlls/shell32/cpanelfolder.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/dlls/shell32/cpanelfolder.c b/dlls/shell32/cpanelfolder.c
index ea5e9e2..114eb6b 100644
--- a/dlls/shell32/cpanelfolder.c
+++ b/dlls/shell32/cpanelfolder.c
@@ -259,9 +259,9 @@ static LPITEMIDLIST _ILCreateCPanelApplet(LPCSTR name, LPCSTR displayName,
memcpy(pidl->mkid.abID, &tmp, 2+size0);
p = &((PIDLDATA*)pidl->mkid.abID)->u.cpanel;
- strcpy(p->szName, name);
- strcpy(p->szName+tmp.u.cpanel.offsDispName, displayName);
- strcpy(p->szName+tmp.u.cpanel.offsComment, comment);
+ memcpy(p->szName, name, strlen(name) + 1);
+ memcpy(p->szName+tmp.u.cpanel.offsDispName, displayName, strlen(displayName) + 1);
+ memcpy(p->szName+tmp.u.cpanel.offsComment, comment, strlen(comment) + 1);
*(WORD*)((char*)pidl+(size+2)) = 0;
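Review bot: The three memcpy calls into p->szName still write past the one-element array that the build log shows pidl.h declaring (CHAR szName[1]), and each length is a fresh strlen() that nothing in this hunk ties to size, offsDispName or offsComment. Consider reusing the lengths that produced those offsets so that allocation, offsets and copies cannot drift apart, and add a comment saying szName is used as a variable-length tail, since swapping strcpy for memcpy quiets -Werror=array-bounds without changing what is written.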
@@ -1077,7 +1077,7 @@ static HRESULT WINAPI IShellExecuteHookA_fnExecute(IShellExecuteHookA *iface,
return E_INVALIDARG;
path[0] = '\"';
- lstrcpyA(path+1, pcpanel->szName);
+ memcpy(path+1, pcpanel->szName, strlen(pcpanel->szName) + 1);
/* pass applet name to Control_RunDLL to distinguish between applets in one .cpl file */
lstrcatA(path, "\" ");
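Review bot: memcpy(path+1, pcpanel->szName, strlen(pcpanel->szName) + 1) takes its length from the source string alone, so the copy into path is as unbounded as the lstrcpyA it replaces, and lstrcatA then appends two more characters. The size of path is not visible in this hunk; if the applet name can come from a caller-supplied item ID list, compare strlen(pcpanel->szName) against sizeof(path) minus the leading quote and the appended suffix before copying, and return E_INVALIDARG when it does not fit.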