Skip to content

Don't allow overflowing lengths in WM_COPYDATA#20185

Merged
DHowett merged 1 commit into
mainfrom
dev/duhowett/copydont
May 5, 2026
Merged

Don't allow overflowing lengths in WM_COPYDATA#20185
DHowett merged 1 commit into
mainfrom
dev/duhowett/copydont

Conversation

@DHowett
Copy link
Copy Markdown
Member

@DHowett DHowett commented May 5, 2026

It is possible to craft a packet whose len is 0x80000001.

We should not produce values that do not fit in size_t (on e.g. x86).

Reject them summarily.

@DHowett DHowett requested a review from lhecker May 5, 2026 18:44
@github-project-automation github-project-automation Bot moved this to To Cherry Pick in 1.24 Servicing Pipeline May 5, 2026
@github-project-automation github-project-automation Bot moved this to To Cherry Pick in 1.25 Servicing Pipeline May 5, 2026
@DHowett DHowett enabled auto-merge (squash) May 5, 2026 19:12
@DHowett DHowett merged commit 8edac5f into main May 5, 2026
18 of 20 checks passed
@DHowett DHowett deleted the dev/duhowett/copydont branch May 5, 2026 19:19
Qmoony pushed a commit to Qmoony/terminal that referenced this pull request May 11, 2026
@DHowett @claude
Don't allow overflowing lengths in WM_COPYDATA (microsoft#20185)
d2284ed 
It is possible to craft a packet whose `len` is `0x80000001`.

We should not produce values that do not fit in size_t (on e.g. x86).

Reject them summarily.
@DHowett DHowett moved this from To Cherry Pick to Cherry Picked in 1.24 Servicing Pipeline May 11, 2026
DHowett added a commit that referenced this pull request May 12, 2026
@DHowett
Don't allow overflowing lengths in WM_COPYDATA (#20185)
7f1166d 
It is possible to craft a packet whose `len` is `0x80000001`.

We should not produce values that do not fit in size_t (on e.g. x86).

Reject them summarily.

(cherry picked from commit 8edac5f)
Service-Card-Id: PVTI_lADOAF3p4s4BBcTlzgr4enM
Service-Version: 1.24
@DHowett DHowett moved this from To Cherry Pick to Cherry Picked in 1.25 Servicing Pipeline May 12, 2026
DHowett added a commit that referenced this pull request May 12, 2026
@DHowett
Don't allow overflowing lengths in WM_COPYDATA (#20185)
dc2e98f 
It is possible to craft a packet whose `len` is `0x80000001`.

We should not produce values that do not fit in size_t (on e.g. x86).

Reject them summarily.

(cherry picked from commit 8edac5f)
Service-Card-Id: PVTI_lADOAF3p4s4BQX0-zgr4enI
Service-Version: 1.25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lhecker lhecker lhecker approved these changes

Assignees

No one assigned

Labels

None yet

Projects

1.24 Servicing Pipeline
Status: Cherry Picked
1.25 Servicing Pipeline
Status: Cherry Picked

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@DHowett @lhecker