Commit

Fix segfault if high-entropy 64-bit ASLR is enabled
If the High-entropy ASLR setting is enabled on Windows, `win32/dir` will
segfault when calling `SHGetFileInfo`.

Enabling high-entropy ASLR will cause processes to use the entire 64-bit
address space, and the `long` data type is not large enough to hold a
64-bit address for the PIDL structure (which is the first argument of
`SHGetFileInfo`[1]). As a result, the call segfaults.

Change the parameter's data type to `uint64` to ensure that the address
will always fit.

[1] https://docs.microsoft.com/en-us/windows/win32/api/shellapi/nf-shellapi-shgetfileinfow

Signed-off-by: Gabriel Nagy <[email protected]>
GabrielNagy committed Sep 25, 2020
1 parent 516dfbb commit 5c5527e
Showing 2 changed files with 3 additions and 3 deletions.
4 changes: 2 additions & 2 deletions lib/win32/dir.rb
Expand Up @@ -78,12 +78,12 @@ class Dir
elsif SHGetFolderPathW(0, value, 0, 1, buf) == 0 # Default path
path = buf.strip
else
ptr = FFI::MemoryPointer.new(:long)
ptr = FFI::MemoryPointer.new(:uint64)
info = SHFILEINFO.new
flags = SHGFI_DISPLAYNAME | SHGFI_PIDL

if SHGetFolderLocation(0, value, 0, 0, ptr) == 0
if SHGetFileInfo(ptr.read_long, 0, info, info.size, flags) != 0
if SHGetFileInfo(ptr.read_uint64, 0, info, info.size, flags) != 0
path = info[:szDisplayName].to_s
path.force_encoding(Encoding.default_external)
end
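Review bot: `FFI::MemoryPointer.new(:uint64)` together with `ptr.read_uint64` hardcodes an 8-byte pointer, so the out-parameter for `SHGetFolderLocation` is now only right on 64-bit builds; on a 32-bit Ruby the API writes a 4-byte PIDL pointer into the 8-byte buffer and `read_uint64` then passes an 8-byte value into the call. `FFI::MemoryPointer.new(:pointer)` with `ptr.read_pointer` gives the platform's pointer width in both cases and documents that the value is an address, not an integer. Separately, `SHGetFolderLocation` allocates the PIDL and nothing in the visible lines releases it (for example with `ILFree` or `CoTaskMemFree`), so each call leaks that allocation unless it is freed further down.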
2 changes: 1 addition & 1 deletion lib/win32/dir/functions.rb
Expand Up @@ -27,7 +27,7 @@ def attach_pfunc(*args)

attach_pfunc :SHGetFolderPathW, %i{hwnd int handle dword buffer_out}, :dword
attach_pfunc :SHGetFolderLocation, %i{hwnd int handle dword ptr}, :dword
attach_pfunc :SHGetFileInfo, %i{dword dword ptr uint uint}, :dword
attach_pfunc :SHGetFileInfo, %i{uint64 dword ptr uint uint}, :dword

ffi_lib :shlwapi
ffi_convention :stdcall
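Review bot: declaring the first parameter of `SHGetFileInfo` as `:uint64` removes the 32-bit truncation that caused the segfault, but it bakes the pointer width into the binding; the parameter is a pointer (`LPCSTR`, or a PIDL when `SHGFI_PIDL` is set), so `:pointer` matches the real signature on both 32-bit and 64-bit and keeps this declaration consistent with the `ptr` out-parameter of `SHGetFolderLocation` on the line above. The return type of `SHGetFileInfo` is `DWORD_PTR`, not `DWORD`, so `:dword` truncates the returned value on 64-bit as well; the `!= 0` check in dir.rb only survives this because a non-zero result whose low 32 bits are all zero is unlikely. A pointer-sized return type such as `:size_t` would avoid relying on that.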