Jeff Zaroyko : ntdll: Avoid NULL deref in RtlDeleteTimer.
Alexandre Julliard
julliard at winehq.org
Mon Dec 1 07:34:24 CST 2008
Module: wine
Branch: master
Commit: 6c597bac2e91c84b5c18ef820295cb5a1e642145
URL: http://source.winehq.org/git/wine.git/?a=commit;h=6c597bac2e91c84b5c18ef820295cb5a1e642145
Author: Jeff Zaroyko <jeffz at jeffz.name>
Date: Sat Nov 29 09:51:45 2008 +1100
ntdll: Avoid NULL deref in RtlDeleteTimer.
---
dlls/ntdll/tests/rtl.c | 11 +++++++++++
dlls/ntdll/threadpool.c | 5 ++++-
2 files changed, 15 insertions(+), 1 deletions(-)
diff --git a/dlls/ntdll/tests/rtl.c b/dlls/ntdll/tests/rtl.c
index 415f0db..fffe9ac 100644
--- a/dlls/ntdll/tests/rtl.c
+++ b/dlls/ntdll/tests/rtl.c
@@ -49,6 +49,7 @@ typedef struct _RTL_HANDLE_TABLE
static HMODULE hntdll = 0;
static SIZE_T (WINAPI *pRtlCompareMemory)(LPCVOID,LPCVOID,SIZE_T);
static SIZE_T (WINAPI *pRtlCompareMemoryUlong)(PULONG, SIZE_T, ULONG);
+static NTSTATUS (WINAPI *pRtlDeleteTimer)(HANDLE, HANDLE, HANDLE);
static VOID (WINAPI *pRtlMoveMemory)(LPVOID,LPCVOID,SIZE_T);
static VOID (WINAPI *pRtlFillMemory)(LPVOID,SIZE_T,BYTE);
static VOID (WINAPI *pRtlFillMemoryUlong)(LPVOID,SIZE_T,ULONG);
@@ -80,6 +81,7 @@ static void InitFunctionPtrs(void)
if (hntdll) {
pRtlCompareMemory = (void *)GetProcAddress(hntdll, "RtlCompareMemory");
pRtlCompareMemoryUlong = (void *)GetProcAddress(hntdll, "RtlCompareMemoryUlong");
+ pRtlDeleteTimer = (void *)GetProcAddress(hntdll, "RtlDeleteTimer");
pRtlMoveMemory = (void *)GetProcAddress(hntdll, "RtlMoveMemory");
pRtlFillMemory = (void *)GetProcAddress(hntdll, "RtlFillMemory");
pRtlFillMemoryUlong = (void *)GetProcAddress(hntdll, "RtlFillMemoryUlong");
@@ -930,6 +932,13 @@ static void test_RtlAllocateAndInitializeSid(void)
ok(ret == STATUS_INVALID_SID, "wrong error %08x\n", ret);
}
+static void test_RtlDeleteTimer(void)
+{
+ NTSTATUS ret;
+ ret = pRtlDeleteTimer(NULL, NULL, NULL);
+ ok(ret == STATUS_INVALID_PARAMETER_1, "expected STATUS_INVALID_PARAMETER_1, got %x\n", ret);
+}
+
START_TEST(rtl)
{
InitFunctionPtrs();
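Review bot: The call `pRtlDeleteTimer(NULL, NULL, NULL)` in test_RtlDeleteTimer passes NULL for both TimerQueue and Timer, so the expected STATUS_INVALID_PARAMETER_1 cannot show which argument is being rejected. The implementation in this commit checks Timer, the second parameter, so a second case with a real queue handle and a NULL timer would pin that down. Whether native ntdll tolerates that call should be confirmed before adding it. As a style point, the message uses `%x` while the `ok()` just above uses `%08x`; `"expected STATUS_INVALID_PARAMETER_1, got %08x\n"` would match.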
@@ -962,4 +971,6 @@ START_TEST(rtl)
test_HandleTables();
if (pRtlAllocateAndInitializeSid)
test_RtlAllocateAndInitializeSid();
+ if (pRtlDeleteTimer)
+ test_RtlDeleteTimer();
}
diff --git a/dlls/ntdll/threadpool.c b/dlls/ntdll/threadpool.c
index 9c0dafe..af42b30 100644
--- a/dlls/ntdll/threadpool.c
+++ b/dlls/ntdll/threadpool.c
@@ -1005,10 +1005,13 @@ NTSTATUS WINAPI RtlDeleteTimer(HANDLE TimerQueue, HANDLE Timer,
HANDLE CompletionEvent)
{
struct queue_timer *t = Timer;
- struct timer_queue *q = t->q;
+ struct timer_queue *q;
NTSTATUS status = STATUS_PENDING;
HANDLE event = NULL;
+ if (!Timer)
+ return STATUS_INVALID_PARAMETER_1;
+ q = t->q;
if (CompletionEvent == INVALID_HANDLE_VALUE)
status = NtCreateEvent(&event, EVENT_ALL_ACCESS, NULL, FALSE, FALSE);
else if (CompletionEvent)
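Review bot: The new `if (!Timer)` guard in RtlDeleteTimer rejects only a NULL handle; any other caller-supplied value is still treated as a `struct queue_timer *` and dereferenced at `q = t->q`, so a stale or already-deleted timer handle can still cause an invalid read. Nothing in the visible lines compares `t->q` with TimerQueue either, though the function body continues past the end of the hunk. A comment above the guard would record the limit of the check, e.g. `/* Timer is a raw pointer from the caller; only NULL is caught here, stale handles are not detected. */`. It would also help to say why the status is STATUS_INVALID_PARAMETER_1 when Timer is the second argument, presumably to match what the new test observes on Windows.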