[Webkit-unassigned] [Bug 139764] buffer overflow parsing plugin information
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Mar 22 09:56:49 PDT 2016
https://bugs.webkit.org/show_bug.cgi?id=139764
Brent Fulgham <bfulgham at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |INVALID
--- Comment #1 from Brent Fulgham <bfulgham at webkit.org> ---
Thank you for taking the time to report this issue, but the proposed patch is not correct.
According to MSDN <https://msdn.microsoft.com/en-us/library/windows/desktop/ms647464(v=vs.85).aspx>, puLen is defined as "for version information values, the length in characters of the string stored at lplpBuffer". Since we are only retrieving version information content, not translation array or root block values, the character count is the correct size.
Since we are calling the wide-character variant of VerQueryValue (VerQueryValueW), the value we get back is a buffer of UCHAR, and the count is the number of these UCHAR characters.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160322/48fb4083/attachment.html>
More information about the webkit-unassigned
mailing list