Issue 595809

Starred by 1 user

Issue metadata

Status: WontFix
Owner:
Closed: Aug 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug


Uninitialized read in alternate_version_generator.cc

Project Member Reported by fdoray@chromium.org, Mar 17 2016

Issue description

There is an uninitialized read when GenerateSpecificPEFileVersion() is called with a version whose length is smaller than the length of the version of the input executable.

~~Dr.M~~
~~Dr.M~~ Error #1: UNINITIALIZED READ: reading register cl
~~Dr.M~~ # 0 `anonymous namespace'::ReplaceAll
       [chrome\installer\test\alternate_version_generator.cc:296]
~~Dr.M~~ # 1 `anonymous namespace'::VisitResource
       [chrome\installer\test\alternate_version_generator.cc:356]
~~Dr.M~~ # 2 `anonymous namespace'::EnumResourcesWorker
       [chrome\installer\test\pe_image_resources.cc:96]
~~Dr.M~~ # 3 `anonymous namespace'::EnumResourcesWorker
       [chrome\installer\test\pe_image_resources.cc:84]
~~Dr.M~~ # 4 `anonymous namespace'::EnumResourcesWorker
       [chrome\installer\test\pe_image_resources.cc:84]
~~Dr.M~~ # 5 upgrade_test::EnumResources
       [chrome\installer\test\pe_image_resources.cc:122]
~~Dr.M~~ # 6 `anonymous namespace'::UpdateVersionIfMatch
       [chrome\installer\test\alternate_version_generator.cc:401]
~~Dr.M~~ # 7 upgrade_test::GenerateSpecificPEFileVersion
       [chrome\installer\test\alternate_version_generator.cc:769]
...


Comment 1 by grt@chromium.org, Mar 17 2016

The alternate version generator is supposed to only generate versions where the old and new versions have the same length. Perhaps that logic is flawed? It'd be very dangerous for it to do otherwise.
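
The failure described in the issue and the invariant stated in Comment 1 come down to one rule: a version string can only be rewritten in place inside a PE resource if the replacement has exactly the same length as the original. The following is an added example, not Chromium's ReplaceAll or any other code from alternate_version_generator.cc. It rewrites a version string wherever it appears as ASCII or as UTF-16LE (the encoding used for VS_VERSION_INFO string tables) and refuses, returning -1, when the lengths differ. The function names, the sample buffer built by MakeSampleResource and the version values "1.2.3.4"/"1.2.3.5" are all assumptions constructed for the example.

```cpp
// Added example, not Chromium code: length-guarded in-place replacement of a
// version string in a resource-like byte buffer.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Encodes an ASCII string as UTF-16LE bytes, the form VS_VERSION_INFO uses.
std::vector<uint8_t> ToUtf16Le(const std::string& s) {
  std::vector<uint8_t> out;
  for (unsigned char c : s) {
    out.push_back(c);
    out.push_back(0);
  }
  return out;
}

// Replaces every occurrence of |from| in |buf| with |to| in place, treating
// both as raw byte patterns. Returns the number of replacements, or -1 if the
// patterns differ in length: an in-place rewrite would then either leave
// stale bytes behind or read past the end of the shorter pattern.
int ReplaceAllBytes(std::vector<uint8_t>& buf,
                    const std::vector<uint8_t>& from,
                    const std::vector<uint8_t>& to) {
  if (from.size() != to.size()) return -1;
  if (from.empty() || buf.size() < from.size()) return 0;
  int count = 0;
  size_t i = 0;
  while (i + from.size() <= buf.size()) {
    if (std::equal(from.begin(), from.end(), buf.begin() + i)) {
      std::copy(to.begin(), to.end(), buf.begin() + i);
      i += from.size();  // never re-scan bytes we just wrote
      ++count;
    } else {
      ++i;
    }
  }
  return count;
}

// Rewrites |old_version| as |new_version| wherever it appears, as ASCII or
// UTF-16LE. Returns the total number of replacements, or -1 (leaving |buf|
// untouched) if the two versions differ in length.
int ReplaceVersion(std::vector<uint8_t>& buf,
                   const std::string& old_version,
                   const std::string& new_version) {
  if (old_version.size() != new_version.size()) return -1;
  int n = ReplaceAllBytes(
      buf, std::vector<uint8_t>(old_version.begin(), old_version.end()),
      std::vector<uint8_t>(new_version.begin(), new_version.end()));
  n += ReplaceAllBytes(buf, ToUtf16Le(old_version), ToUtf16Le(new_version));
  return n;
}

// True if |pattern| occurs anywhere in |buf|.
bool ContainsBytes(const std::vector<uint8_t>& buf,
                   const std::vector<uint8_t>& pattern) {
  return std::search(buf.begin(), buf.end(), pattern.begin(), pattern.end()) !=
         buf.end();
}

// Constructed sample (not a real PE image): a "FileVersion" key followed by
// the version as a NUL-terminated UTF-16LE string, then again as ASCII.
std::vector<uint8_t> MakeSampleResource(const std::string& version) {
  std::vector<uint8_t> buf = {'F', 'i', 'l', 'e', 'V', 'e',
                              'r', 's', 'i', 'o', 'n', 0};
  std::vector<uint8_t> wide = ToUtf16Le(version);
  buf.insert(buf.end(), wide.begin(), wide.end());
  buf.push_back(0);
  buf.push_back(0);
  buf.insert(buf.end(), version.begin(), version.end());
  buf.push_back(0);
  return buf;
}

int main() {
  std::vector<uint8_t> buf = MakeSampleResource("1.2.3.4");
  // Same length: both the UTF-16LE and the ASCII copy are rewritten.
  int ok = ReplaceVersion(buf, "1.2.3.4", "1.2.3.5");
  // Different length: rejected before any byte is touched.
  int rejected = ReplaceVersion(buf, "1.2.3.5", "1.2.3");
  return (ok == 2 && rejected == -1) ? 0 : 1;
}
```

The length check sits at the top of both functions rather than in the caller, so a misuse like the one the bug describes is refused instead of silently producing a resource with the wrong string length.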

Project Member Comment 2 by bugdroid1@chromium.org, Aug 27 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/98bae263014aad2d3ef0910edef31a8ee32a6c17

commit 98bae263014aad2d3ef0910edef31a8ee32a6c17
Author: fdoray <fdoray@chromium.org>
Date: Sat Aug 27 22:36:53 2016

Delete unused function GenerateSpecificPEFileVersion().

This function is no longer used. Also, it was too easy to misuse it
by passing a target version with a different length than the original
version.

BUG= 595809 

Review-Url: https://codereview.chromium.org/2283833002
Cr-Commit-Position: refs/heads/master@{#414945}

[modify] https://crrev.com/98bae263014aad2d3ef0910edef31a8ee32a6c17/chrome/installer/test/alternate_version_generator.cc
[modify] https://crrev.com/98bae263014aad2d3ef0910edef31a8ee32a6c17/chrome/installer/test/alternate_version_generator.h

Comment 3 by fdoray@chromium.org, Aug 29 2016

Status: WontFix (was: Started)
I deleted the GenerateSpecificPEFileVersion() function.