
Don't allow overflowing lengths in WM_COPYDATA #20185

Merged: DHowett merged 1 commit into main from dev/duhowett/copydont, May 5, 2026
Conversation

@DHowett DHowett commented May 5, 2026

Member

It is possible to craft a packet whose `len` is `0x80000001`.

We should not produce values that do not fit in size_t (on e.g. x86).

Reject them summarily.
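
The class of check described above, as an added example that is not code from this pull request or from Windows Terminal. The packet layout, the 2-byte unit size and every name here are assumptions made for illustration; `size_max` models `SIZE_MAX` of the build target so the x86 case can be exercised on any host.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout (assumption): 32-bit little-endian `len` counting
 * 2-byte units, followed by the payload. */
#define HEADER_SIZE 4u
#define UNIT_SIZE   2u

/* Constructed samples: declared len 0x80000001 and declared len 1. */
static const uint8_t kOverflow[] = {0x01, 0x00, 0x00, 0x80, 'A', 0x00};
static const uint8_t kGood[]     = {0x01, 0x00, 0x00, 0x00, 'A', 0x00};

/* Byte count as 32-bit size_t arithmetic would produce it: wraps silently. */
static uint32_t unchecked_bytes32(uint32_t len) {
    return len * UNIT_SIZE;
}

/* Returns the payload size in bytes, or -1 if the packet is rejected.
 * size_max models SIZE_MAX of the target (UINT32_MAX on x86);
 * buf/cb stand in for COPYDATASTRUCT's lpData/cbData. */
static int64_t checked_payload_bytes(const uint8_t *buf, uint64_t cb,
                                     uint64_t size_max) {
    if (buf == NULL || cb < HEADER_SIZE) return -1;
    uint32_t len = (uint32_t)buf[0] | (uint32_t)buf[1] << 8 |
                   (uint32_t)buf[2] << 16 | (uint32_t)buf[3] << 24;
    /* Compare against size_max / UNIT_SIZE so the check cannot itself overflow. */
    if (len > size_max / UNIT_SIZE) return -1;
    uint64_t bytes = (uint64_t)len * UNIT_SIZE;
    /* The declared payload must lie inside what was actually received. */
    if (bytes > cb - HEADER_SIZE) return -1;
    return (int64_t)bytes;
}

int main(void) {
    /* The wrapped size is small enough to pass a naive bounds check. */
    printf("wrapped 32-bit size: %u\n", (unsigned)unchecked_bytes32(0x80000001u));
    printf("overflow packet, x86 model: %lld\n",
           (long long)checked_payload_bytes(kOverflow, sizeof kOverflow, UINT32_MAX));
    printf("good packet, x86 model: %lld\n",
           (long long)checked_payload_bytes(kGood, sizeof kGood, UINT32_MAX));
    return 0;
}
```

The wrapped value is what makes the unchecked form dangerous: it is small enough to pass a later comparison against the received size, so the rejection has to happen before the multiplication.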

@DHowett DHowett requested a review from lhecker May 5, 2026 18:44
@github-project-automation github-project-automation Bot moved this to To Cherry Pick in 1.24 Servicing Pipeline May 5, 2026
@github-project-automation github-project-automation Bot moved this to To Cherry Pick in 1.25 Servicing Pipeline May 5, 2026
@DHowett DHowett enabled auto-merge (squash) May 5, 2026 19:12
@DHowett DHowett merged commit 8edac5f into main May 5, 2026
18 of 20 checks passed
@DHowett DHowett deleted the dev/duhowett/copydont branch May 5, 2026 19:19
Qmoony pushed a commit to Qmoony/terminal that referenced this pull request May 11, 2026
It is possible to craft a packet whose `len` is `0x80000001`.

We should not produce values that do not fit in size_t (on e.g. x86).

Reject them summarily.
@DHowett DHowett moved this from To Cherry Pick to Cherry Picked in 1.24 Servicing Pipeline May 11, 2026
DHowett added a commit that referenced this pull request May 12, 2026
It is possible to craft a packet whose `len` is `0x80000001`.

We should not produce values that do not fit in size_t (on e.g. x86).

Reject them summarily.

(cherry picked from commit 8edac5f)
Service-Card-Id: PVTI_lADOAF3p4s4BBcTlzgr4enM
Service-Version: 1.24
@DHowett DHowett moved this from To Cherry Pick to Cherry Picked in 1.25 Servicing Pipeline May 12, 2026
DHowett added a commit that referenced this pull request May 12, 2026
It is possible to craft a packet whose `len` is `0x80000001`.

We should not produce values that do not fit in size_t (on e.g. x86).

Reject them summarily.

(cherry picked from commit 8edac5f)
Service-Card-Id: PVTI_lADOAF3p4s4BQX0-zgr4enI
Service-Version: 1.25
@DHowett DHowett moved this from Cherry Picked to Shipped in 1.25 Servicing Pipeline Jun 8, 2026