cabinet: Fix NULL pointer dereference (Coverity)
James Hawkins
truiken at gmail.com
Tue Sep 26 14:55:34 CDT 2006
On 9/26/06, Andrew Talbot <Andrew.Talbot at talbotville.com> wrote:
> Changelog:
> cabinet: Fix NULL pointer dereference (Coverity).
>
> diff -urN a/dlls/cabinet/fci.c b/dlls/cabinet/fci.c
> --- a/dlls/cabinet/fci.c 2006-09-12 23:59:28.000000000 +0100
> +++ b/dlls/cabinet/fci.c 2006-09-26 18:27:03.000000000 +0100
> @@ -176,18 +176,22 @@
> if ((!perf) || (!pfnalloc) || (!pfnfree) || (!pfnopen) || (!pfnread) ||
> (!pfnwrite) || (!pfnclose) || (!pfnseek) || (!pfndelete) ||
> (!pfnfcigtf) || (!pccab)) {
> - perf->erfOper = FCIERR_NONE;
> - perf->erfType = ERROR_BAD_ARGUMENTS;
> - perf->fError = TRUE;
> + if (perf) {
> + perf->erfOper = FCIERR_NONE;
> + perf->erfType = ERROR_BAD_ARGUMENTS;
> + perf->fError = TRUE;
> + }
>
> SetLastError(ERROR_BAD_ARGUMENTS);
> return NULL;
> }
>
> if (!((hfci = ((HFCI) (*pfnalloc)(sizeof(FCI_Int)))))) {
> - perf->erfOper = FCIERR_ALLOC_FAIL;
> - perf->erfType = ERROR_NOT_ENOUGH_MEMORY;
> - perf->fError = TRUE;
> + if (perf) {
> + perf->erfOper = FCIERR_ALLOC_FAIL;
> + perf->erfType = ERROR_NOT_ENOUGH_MEMORY;
> + perf->fError = TRUE;
> + }
>
> SetLastError(ERROR_NOT_ENOUGH_MEMORY);
> return NULL;
>
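Review bot: The if (perf) guard added around the FCIERR_ALLOC_FAIL assignments in the second block can never be false. The argument check at the top of the hunk already tests (!perf) and returns NULL, so perf is known to be non-NULL by the time the pfnalloc result is checked. Drop the second guard and keep only the one inside the bad-arguments branch, which is the only place in these lines where perf can be NULL when it is dereferenced.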
This last check is pointless. If perf is NULL, we bail out and return
NULL a few lines up. Also, please add a test showing that native does
not crash if a NULL perf is sent in. It's weird, but we need to be
consistent with native, as some apps depend on such a crash.
--
James Hawkins