Buffer overrun in NtQuerySymbolicLinkObject if LinkTarget not null-terminated

Running Wine Test, Module: kernel32, Test: dosdev

(sdk/lib/rtl/path.c:682) RtlQueryEnvironmentVariable_U returned 0xc0000100

(sdk/lib/rtl/path.c:682) RtlQueryEnvironmentVariable_U returned 0xc0000100

*** Fatal System Error: 0x000000cd

                       (0xF3F65000,0x00000000,0x8095FD08,0x00000000)

Driver at fault: 

***  NTOSKRNL.EXE - Address 8095FD08 base at 80800000, DateStamp 5774f8aa

.



Entered debugger on embedded INT3 at 0x0008:0x8093fa9c.

kdb:>

 bt

Eip:

<NTOSKRNL.EXE:13fa9d (:0 (RtlpBreakWithStatusInstruction))>

Frames:

<NTOSKRNL.EXE:81dbd (ntoskrnl/ke/bug.c:1100 (KeBugCheckWithTf))>

<NTOSKRNL.EXE:82394 (ntoskrnl/ke/bug.c:1456 (KeBugCheckEx))>

<NTOSKRNL.EXE:a8e03 (ntoskrnl/mm/ARM3/pagfault.c:1848 (MmArmAccessFault))>

<NTOSKRNL.EXE:d9aa3 (ntoskrnl/mm/mmfault.c:251 (MmAccessFault))>

<NTOSKRNL.EXE:12469a (ntoskrnl/ke/i386/traphdlr.c:1278 (KiTrap0EHandler))>

<NTOSKRNL.EXE:36ac (:0 (KiTrap0E))>

<NTOSKRNL.EXE:15fd03 (:0 (memcpy))>

<NTOSKRNL.EXE:f2501 (sdk/include/crt/mingw32/intrin_x86.h:76 (NtQuerySymbolicLinkObject))>

<NTOSKRNL.EXE:1253a4 (ntoskrnl/include/internal/i386/ke.h:706 (KiSystemServiceHandler))>

<NTOSKRNL.EXE:3da9 (:0 (KiFastCallEntry))>

<ntdll.dll:c81d>

<csrsrv.dll:29b2>

<00000000>

kdb:>