Uploaded image for project: 'Core ReactOS'
  1. Core ReactOS
  2. CORE-17354

Possible array overflow in Pos_SaveData()

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Fix Version/s: None
    • Component/s: RosDlls
    • Labels:
      None

      Description

      Sec has 16 elements,
      but this code can access up to Sec[17], which is an overrun.

      https://github.com/reactos/reactos/blob/52cd931f228ee91dfd7a1e6bd2880aea6275d2a4/dll/cpl/powercfg/powershemes.c#L464-L467
      and
      https://github.com/reactos/reactos/blob/52cd931f228ee91dfd7a1e6bd2880aea6275d2a4/dll/cpl/powercfg/powershemes.c#L474-L476

      Probably this is copy paste and proper code should be:
      if (tmp > 0 && tmp < 16 - 2)

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              qarmin qarmin
            • Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: