[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#980048: marked as done (FTBFS: -Werror=array-bounds in dlls/shell32/cpanelfolder.c)

Your message dated Sat, 16 Jan 2021 02:34:29 +0000
with message-id <E1l0bQ5-000BYn-OO@fasolo.debian.org>
and subject line Bug#980048: fixed in wine 5.0.3-2
has caused the Debian Bug report #980048,
regarding FTBFS: -Werror=array-bounds in dlls/shell32/cpanelfolder.c
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
980048: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980048
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Source: wine
Version: 5.0.3-1
Severity: serious
Tags: upstream fixed-upstream patch ftbfs
Justification: fails to build from source (but built successfully in the past)

wine_5.0.3-1 failed to build from source on all architectures. Was the
upload perhaps tested with an older toolchain than the one currently
in unstable?

> In function ‘_ILCreateCPanelApplet’,
>     inlined from ‘SHELL_RegisterCPanelApp’ at cpanelfolder.c:323:20:
> cpanelfolder.c:262:5: error: ‘strcpy’ offset 12 from the object at ‘pidl’ is out of the bounds of referenced subobject ‘szName’ with type ‘CHAR[1]’ {aka ‘char[1]’} at offset 12 [-Werror=array-bounds]
>   262 |     strcpy(p->szName, name);
>       |     ^~~~~~~~~~~~~~~~~~~~~~~
> In file included from cpanelfolder.c:44:
> cpanelfolder.c: In function ‘SHELL_RegisterCPanelApp’:
> pidl.h:119:10: note: subobject ‘szName’ declared here
>   119 |     CHAR szName[1];  /*10*/ /* terminated by 0x00, followed by display name and comment string */
>       |          ^~~~~~
> In file included from cpanelfolder.c:34:
> In function ‘lstrcpyA’,
>     inlined from ‘IShellExecuteHookA_fnExecute’ at cpanelfolder.c:1080:5:
> ../../include/winbase.h:2853:12: error: ‘strcpy’ offset 10 from the object at ‘pdata’ is out of the bounds of referenced subobject ‘szName’ with type ‘CHAR[1]’ {aka ‘char[1]’} at offset 10 [-Werror=array-bounds]
>  2853 |     return strcpy( dst, src );
>       |            ^~~~~~~~~~~~~~~~~~
> In file included from cpanelfolder.c:44:
> cpanelfolder.c: In function ‘IShellExecuteHookA_fnExecute’:
> pidl.h:119:10: note: subobject ‘szName’ declared here
>   119 |     CHAR szName[1];  /*10*/ /* terminated by 0x00, followed by display name and comment string */
>       |          ^~~~~~

This appears to be a false positive caused by an array of length 1 being
used as though it was a C99 flexible array member.

The attached upstream patch seems to fix this, at least on amd64 (I haven't
tried i386 or arm*).

    smcv

From: Alexandre Julliard <julliard@winehq.org>
Date: Thu, 26 Nov 2020 17:31:53 +0100
Subject: shell32: Silence buffer overflow compiler warnings.

Signed-off-by: Alexandre Julliard <julliard@winehq.org>
Origin: upstream, 6.0-rc1, commit:6624cabbb7cfe33c179a02238b4c9b91d3c3297e
---
 dlls/shell32/cpanelfolder.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/dlls/shell32/cpanelfolder.c b/dlls/shell32/cpanelfolder.c
index ea5e9e2..114eb6b 100644
--- a/dlls/shell32/cpanelfolder.c
+++ b/dlls/shell32/cpanelfolder.c
@@ -259,9 +259,9 @@ static LPITEMIDLIST _ILCreateCPanelApplet(LPCSTR name, LPCSTR displayName,
     memcpy(pidl->mkid.abID, &tmp, 2+size0);
 
     p = &((PIDLDATA*)pidl->mkid.abID)->u.cpanel;
-    strcpy(p->szName, name);
-    strcpy(p->szName+tmp.u.cpanel.offsDispName, displayName);
-    strcpy(p->szName+tmp.u.cpanel.offsComment, comment);
+    memcpy(p->szName, name, strlen(name) + 1);
+    memcpy(p->szName+tmp.u.cpanel.offsDispName, displayName, strlen(displayName) + 1);
+    memcpy(p->szName+tmp.u.cpanel.offsComment, comment, strlen(comment) + 1);
 
     *(WORD*)((char*)pidl+(size+2)) = 0;
 
@@ -1077,7 +1077,7 @@ static HRESULT WINAPI IShellExecuteHookA_fnExecute(IShellExecuteHookA *iface,
 	return E_INVALIDARG;
 
     path[0] = '\"';
-    lstrcpyA(path+1, pcpanel->szName);
+    memcpy(path+1, pcpanel->szName, strlen(pcpanel->szName) + 1);
 
     /* pass applet name to Control_RunDLL to distinguish between applets in one .cpl file */
     lstrcatA(path, "\" ");

--- End Message ---
--- Begin Message --- 
Source: wine
Source-Version: 5.0.3-2
Done: Michael Gilbert <mgilbert@debian.org>

We believe that the bug you reported is fixed in the latest version of
wine, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 980048@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <mgilbert@debian.org> (supplier of updated wine package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 16 Jan 2021 01:20:17 +0000
Source: wine
Architecture: source
Version: 5.0.3-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Wine Party <debian-wine@lists.debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Closes: 980048
Changes:
 wine (5.0.3-2) unstable; urgency=medium
 .
   * Work around array bounds compiler warnings (closes: #980048).
Checksums-Sha1:
 dc2c9bdf9203eb9756e354a14cb77d2708f67017 4649 wine_5.0.3-2.dsc
 52a344ca5bc97dc706163c935acba3d145422559 215136 wine_5.0.3-2.debian.tar.xz
 7ff3685636cf6515838a4daa643e28529855b2e7 19831 wine_5.0.3-2_source.buildinfo
Checksums-Sha256:
 0036f671c42c783ed3ba9ab9ecc3bdbf0d737ce0d1cf6168865cedfe921fabda 4649 wine_5.0.3-2.dsc
 699a1f055bf03eaa75663355e5744416b15da6807e0201fb191ad715674a84fc 215136 wine_5.0.3-2.debian.tar.xz
 34468808ef85dc58740dcb96f29fea4c4d4631ddf808b7697d3ef74c5a22a834 19831 wine_5.0.3-2_source.buildinfo
Files:
 444e59ea00e3358195a1690eb48632a4 4649 otherosfs optional wine_5.0.3-2.dsc
 a03beade695ecf75101e572bb60b0820 215136 otherosfs optional wine_5.0.3-2.debian.tar.xz
 92c208aeb9634c6ef7391e7bc9ad5ac1 19831 otherosfs optional wine_5.0.3-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEEIwTlZiOEpzUxIyp4mD40ZYkUaygFAmACRuoACgkQmD40ZYkU
ayhuFh/6AqjwaGM2ZxN1zxW9Ozn1skxKwndAiHzO+Qg2SrCfrXOLIXrMQLcQjdK3
Q3U0SmVH0uB1i3/qO+VK4RquzTLUjr128IYFvpOu2ZBJCqQTzKLTWED52E26jsF3
Qrh88WijjVUuwHdBfaX1VCs6eGqE19SxHmri7Lzk0GB9NpWKXcBXdPvgjIJVCFoI
2rLY9OJUneiB8CFJbtWBtSI9lnG8w6UBKhSCk2UCACqyObkoIAbHUsZDU7W0PkDp
VlpRF2gmdFpanq9ItlhudS3Zg1iiYIOQtp2GdsWsTs6bFl62E18nBazV/yyTisAV
zV9vQoXc1og7HraQ1s0cf9YLMxQy0mZCfMEFnuEctdNozD0vH0RhV8rZsh7PG/Yo
HMlNFXvO7eng8HuccB0K5eoxCRUWydN2IU/d5ONqKxrkv0ZSP/vL/zWIA85u9Ejs
tCDYLuHsR5LmnQ/sR2KgpC9OTppuIjCtWd7ZJFSirnxKAAs34p4QX+QWiYorAEml
/sZ1StWQzXQ4+sAKrFEXiGvAppTVksw6NbX0/aO5UIKo4+m0GRyvU/KWXqfl1XMa
swBDO4p8U0GLKbmu/kQpz3A/LugML5poQA4RqasaAu6cKLzTMji/WILDBJkdNBWa
b0tXj8eLTTgGpSgDnFL/i3xZ7ld2SeYz/qiEp5OCxjn9qCxYDLcmDQZHYY8+vs9u
LPw7P5v3yABL9M4INLqQPqiGknwcRHaLaqgIzZOwbTsszelA3kSLZDq3UGFVjSLy
W6ATiL5pCZhgy6HyI0/e/0u03GPhJp7ACEsnDyB5rrC0ODwTg6dqkCVEC3rV/AA2
YL1D9LPJE71p+YvUaXagQ25O8vSapEcTokKroExpr/Y1Wh4ZtZezW8s2Ea4p9FMF
C31ajOWXkanXROtVC/B9uwrvGMywrD18sjX/UQRt8hJ3QsO5azeVy8OQCdfA2SVN
BUxqgoyqNmjdxo94prtRjtegI35KvNvvQpNhX7bCuoO09dDsDkGElXPI5hWW7maC
gXI2caJoy4B5T/pePhwbe85suBOdPvA+p/WJPi6EAOlLeGqVyU8N/PyOz8EgYN3O
zM7A2UuNW/kBPr1tKhsm7xzkRfsmVO7S6xs0We0kSkTRli0vHjdHm/Uy6MJD5hZm
nFRLhuXcOXsxDyiMvq6H5DtMEmAgkm33PS4HnDs35nk0Jpbj5Csyb2JcdkVcJLAv
qhqNV3EEmLFiI/bNwDpJywlhBKQH+9xO8xF/t3SmFkrkOdhxKoO7k7TEVABtq+WQ
D8HwDA+gJsJtsuRFMrvS6k/iCbarK8BILb/TNfZlvMLtmqJaQqeKqlAbdfr0C0xy
/hqHMNIGeOMM1AXCf4yJ1w5vGCnF4g==
=LJii
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: