[Bug 20918] Many valgrind warnings in advapi32/crypt tests in test_incorrect_api_usage()
wine-bugs at winehq.org
wine-bugs at winehq.org
Sun Dec 6 17:42:55 CST 2009
http://bugs.winehq.org/show_bug.cgi?id=20918
Juan Lang <juan_lang at yahoo.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
--- Comment #1 from Juan Lang <juan_lang at yahoo.com> 2009-12-06 17:42:55 ---
That's correct, this appears to be invalid. For example,
Invalid read of size 4
at CryptSetKeyParam (crypt.c:1961)
by test_incorrect_api_usage (crypt.c:250)
advapi32/crypt.c, line 1961:
if (!key || !pbData || !key->pProvider || key->pProvider->dwMagic !=
MAGIC_CRYPTPROV)
That is, it dereferences key. advapi32/tests/crypt.c, lines leading up to 250:
result = pCryptDestroyKey(hKey2);
ok (result, "%d\n", GetLastError());
dwTemp = CRYPT_MODE_ECB;
result = pCryptSetKeyParam(hKey2, KP_MODE, (BYTE*)&dwTemp, sizeof(DWORD));
That is, the key has been destroyed just prior to calling CryptSetKeyParam on
it. Finally, in CryptDestroyKey:
ret = prov->pFuncs->pCPDestroyKey(prov->hPrivate, key->hPrivate);
CRYPT_Free(key);
key is a pointer, rather than a handle, and it's been freed. So the read is
invalid, as expected.
--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the wine-bugs
mailing list