Added patch to increase buffer size in widl/typegen.c to avoid buffer overflow.

README.md

@@ -39,8 +39,9 @@ Wine. All those differences are also documented on the
 Included bug fixes and improvements
 -----------------------------------
 
-**Bug fixes and features included in the next upcoming release [1]:**
+**Bug fixes and features included in the next upcoming release [2]:**
 
+* Increase buffer size in widl/typegen.c to avoid buffer overflow ([Wine Bug #37129](https://bugs.winehq.org/show_bug.cgi?id=37129))
 * Silence repeated wbemprox "timeout not supported" fixme ([Wine Bug #37618](https://bugs.winehq.org/show_bug.cgi?id=37618))
 
 

debian/changelog

@@ -2,6 +2,8 @@ wine-staging (1.7.47) UNRELEASED; urgency=low
   * Added patch to silence repeated winhttp "no support on this platform"
     message.
   * Added patch to silence repeated wbemprox "timeout not supported" fixme.
+  * Added patch to increase buffer size in widl/typegen.c to avoid buffer
+    overflow.
   * Removed patch to implement kernel32.GetNumaProcessorNode (accepted
     upstream).
   * Removed patch to initialize *end with NULL on failure in msvcrt.strtod

patches/patchinstall.sh

@@ -237,6 +237,7 @@ patch_enable_all ()
 	enable_wbemdisp_ISWbemSecurity="$1"
 	enable_wbemdisp_Timeout="$1"
 	enable_wiaservc_IEnumWIA_DEV_INFO="$1"
+	enable_widl_Buffer_Overflow="$1"
 	enable_windowscodecs_GIF_Decoder="$1"
 	enable_windowscodecs_TIFF_Decoder="$1"
 	enable_wine_inf_Performance="$1"
@@ -783,6 +784,9 @@ patch_enable ()
 		wiaservc-IEnumWIA_DEV_INFO)
 			enable_wiaservc_IEnumWIA_DEV_INFO="$2"
 			;;
+		widl-Buffer_Overflow)
+			enable_widl_Buffer_Overflow="$2"
+			;;
 		windowscodecs-GIF_Decoder)
 			enable_windowscodecs_GIF_Decoder="$2"
 			;;
@@ -4632,6 +4636,21 @@ if test "$enable_wiaservc_IEnumWIA_DEV_INFO" -eq 1; then
 	) >> "$patchlist"
 fi
 
+# Patchset widl-Buffer_Overflow
+# |
+# | This patchset fixes the following Wine bugs:
+# |   *	[#37129] Increase buffer size in widl/typegen.c to avoid buffer overflow
+# |
+# | Modified files:
+# |   *	tools/widl/typegen.c
+# |
+if test "$enable_widl_Buffer_Overflow" -eq 1; then
+	patch_apply widl-Buffer_Overflow/0001-widl-Increase-buffer-size-in-typegen.c.patch
+	(
+		echo '+    { "Jarkko Korpi", "widl: Increase buffer size in typegen.c.", 1 },';
+	) >> "$patchlist"
+fi
+
 # Patchset windowscodecs-GIF_Decoder
 # |
 # | This patchset fixes the following Wine bugs:

patches/widl-Buffer_Overflow/0001-widl-Increase-buffer-size-in-typegen.c.patch

@@ -0,0 +1,25 @@
+From 6f484b8e9cb7dcfcc8c3f0103012576b43572422 Mon Sep 17 00:00:00 2001
+From: Jarkko Korpi <jarkko_korpi@hotmail.com>
+Date: Fri, 10 Jul 2015 18:49:44 +0300
+Subject: widl: Increase buffer size in typegen.c.
+
+---
+ tools/widl/typegen.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/widl/typegen.c b/tools/widl/typegen.c
+index 4bb4cc4..045a5b7 100644
+--- a/tools/widl/typegen.c
++++ b/tools/widl/typegen.c
+@@ -1142,7 +1142,7 @@ static unsigned char get_func_oi2_flags( const var_t *func )
+ static unsigned int write_new_procformatstring_type(FILE *file, int indent, const var_t *var,
+                                                     int is_return, unsigned int *stack_offset)
+ {
+-    char buffer[64];
++    char buffer[128];
+     unsigned int stack_size, typestring_offset;
+     unsigned short flags;
+     unsigned char fc = get_parameter_fc( var, is_return, &flags, &stack_size, &typestring_offset );
+-- 
+2.4.5
+

patches/widl-Buffer_Overflow/definition

@@ -0,0 +1 @@
+Fixes: [37129] Increase buffer size in widl/typegen.c to avoid buffer overflow