From 683adc9d29d7bd1f0f778e1f7f2eeb61b415f4d5 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Tue, 23 Feb 2021 13:32:03 +0100 Subject: [PATCH] windows: do not overflow key memory in GetQueuedCompletionStatus The third argument to GetQueuedCompletionStatus is a pointer to a uintptr, not a uint32. Users of this functions have therefore been corrupting their memory every time they used it. Either that memory corruption was silent (dangerous), or their programs didn't work so they chose a different API to use. Updates golang/go#44538. Change-Id: Ie1f66de11001cf9c8195afaa61f003a86f821a95 Reviewed-on: https://go-review.googlesource.com/c/sys/+/295174 Trust: Jason A. Donenfeld Run-TryBot: Jason A. Donenfeld TryBot-Result: Go Bot Reviewed-by: Bryan C. Mills --- windows/syscall_windows.go | 6 +++--- windows/zsyscall_windows.go | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/syscall_windows.go b/windows/syscall_windows.go index b8916aee..25c6efdc 100644 --- a/windows/syscall_windows.go +++ b/windows/syscall_windows.go @@ -208,9 +208,9 @@ func NewCallbackCDecl(fn interface{}) uintptr { //sys GetSystemTimeAsFileTime(time *Filetime) //sys GetSystemTimePreciseAsFileTime(time *Filetime) //sys GetTimeZoneInformation(tzi *Timezoneinformation) (rc uint32, err error) [failretval==0xffffffff] -//sys CreateIoCompletionPort(filehandle Handle, cphandle Handle, key uint32, threadcnt uint32) (handle Handle, err error) -//sys GetQueuedCompletionStatus(cphandle Handle, qty *uint32, key *uint32, overlapped **Overlapped, timeout uint32) (err error) -//sys PostQueuedCompletionStatus(cphandle Handle, qty uint32, key uint32, overlapped *Overlapped) (err error) +//sys CreateIoCompletionPort(filehandle Handle, cphandle Handle, key uintptr, threadcnt uint32) (handle Handle, err error) +//sys GetQueuedCompletionStatus(cphandle Handle, qty *uint32, key *uintptr, overlapped **Overlapped, timeout uint32) (err error) +//sys PostQueuedCompletionStatus(cphandle Handle, qty uint32, key uintptr, overlapped *Overlapped) (err error) //sys CancelIo(s Handle) (err error) //sys CancelIoEx(s Handle, o *Overlapped) (err error) //sys CreateProcess(appName *uint16, commandLine *uint16, procSecurity *SecurityAttributes, threadSecurity *SecurityAttributes, inheritHandles bool, creationFlags uint32, env *uint16, currentDir *uint16, startupInfo *StartupInfo, outProcInfo *ProcessInformation) (err error) = CreateProcessW diff --git a/windows/zsyscall_windows.go b/windows/zsyscall_windows.go index ca558ea7..3f8952d1 100644 --- a/windows/zsyscall_windows.go +++ b/windows/zsyscall_windows.go @@ -1481,7 +1481,7 @@ func CreateHardLink(filename *uint16, existingfilename *uint16, reserved uintptr return } -func CreateIoCompletionPort(filehandle Handle, cphandle Handle, key uint32, threadcnt uint32) (handle Handle, err error) { +func CreateIoCompletionPort(filehandle Handle, cphandle Handle, key uintptr, threadcnt uint32) (handle Handle, err error) { r0, _, e1 := syscall.Syscall6(procCreateIoCompletionPort.Addr(), 4, uintptr(filehandle), uintptr(cphandle), uintptr(key), uintptr(threadcnt), 0, 0) handle = Handle(r0) if handle == 0 { @@ -2067,7 +2067,7 @@ func GetProcessWorkingSetSizeEx(hProcess Handle, lpMinimumWorkingSetSize *uintpt return } -func GetQueuedCompletionStatus(cphandle Handle, qty *uint32, key *uint32, overlapped **Overlapped, timeout uint32) (err error) { +func GetQueuedCompletionStatus(cphandle Handle, qty *uint32, key *uintptr, overlapped **Overlapped, timeout uint32) (err error) { r1, _, e1 := syscall.Syscall6(procGetQueuedCompletionStatus.Addr(), 5, uintptr(cphandle), uintptr(unsafe.Pointer(qty)), uintptr(unsafe.Pointer(key)), uintptr(unsafe.Pointer(overlapped)), uintptr(timeout), 0) if r1 == 0 { err = errnoErr(e1) @@ -2399,7 +2399,7 @@ func OpenThread(desiredAccess uint32, inheritHandle bool, threadId uint32) (hand return } -func PostQueuedCompletionStatus(cphandle Handle, qty uint32, key uint32, overlapped *Overlapped) (err error) { +func PostQueuedCompletionStatus(cphandle Handle, qty uint32, key uintptr, overlapped *Overlapped) (err error) { r1, _, e1 := syscall.Syscall6(procPostQueuedCompletionStatus.Addr(), 4, uintptr(cphandle), uintptr(qty), uintptr(key), uintptr(unsafe.Pointer(overlapped)), 0, 0) if r1 == 0 { err = errnoErr(e1)