ntdll: RtlCreateAcl: initialize all the bytes passed by the user
Alexandre Julliard
julliard at winehq.org
Tue Oct 30 06:46:05 CDT 2007
"Dan Kegel" <dank at kegel.com> writes:
> Without this patch, NtAccessCheck() references uninitialized
> memory (it seems to send the entire ACL with the user's
> length to the server, not just sizeof(ACL)). This showed up as
> valgrind errors when running "make test" in advapi32.
> I suppose the right fix might be to send just sizeof(ACL) bytes
> to the server, but I wouldn't know, and initializing all
> the bytes given by the caller seems innocuous enough.
It isn't innocuous; if Windows doesn't do it then it's quite likely that
apps will pass a too-large size. We've had that kind of problem in some
other places already.
--
Alexandre Julliard
julliard at winehq.org
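
The trade-off discussed in this thread, as an added example that is not Wine's code and not part of either message: a simplified model comparing header-only initialization with zeroing the full caller-declared size. `MODEL_ACL`, both `create_*` functions, the 64-byte arena and the 0xAA fill are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified 8-byte model of the ACL header (assumption, not Wine's definition). */
typedef struct { uint8_t AclRevision, Sbz1; uint16_t AclSize, AceCount, Sbz2; } MODEL_ACL;
enum { ARENA = 64, FILL = 0xAA };  /* constructed arena size and stale-data pattern */
typedef void (*create_fn)(uint8_t *, uint16_t);

/* Variant A: write the header only; bytes after it keep their old contents. */
static void create_header_only(uint8_t *buf, uint16_t declared) {
    MODEL_ACL hdr = { 2, 0, declared, 0, 0 };
    memcpy(buf, &hdr, sizeof hdr);
}

/* Variant B: zero the whole declared size first, then write the header. */
static void create_zero_all(uint8_t *buf, uint16_t declared) {
    memset(buf, 0, declared);
    create_header_only(buf, declared);
}

/* Bytes in [header size, declared) still holding stale data: what a checker
 * such as valgrind flags if all `declared` bytes are later sent elsewhere. */
static size_t stale_bytes(create_fn create, uint16_t declared) {
    uint8_t arena[ARENA]; size_t i, n = 0;
    memset(arena, FILL, sizeof arena);
    create(arena, declared);
    for (i = sizeof(MODEL_ACL); i < (size_t)declared; i++) n += (arena[i] == FILL);
    return n;
}

/* Bytes modified past the caller's real buffer of `real` bytes when the caller
 * declares `declared` (both kept inside the arena so the run stays defined). */
static size_t clobbered_bytes(create_fn create, size_t real, uint16_t declared) {
    uint8_t arena[ARENA]; size_t i, n = 0;
    memset(arena, FILL, sizeof arena);
    create(arena, declared);
    for (i = real; i < ARENA; i++) n += (arena[i] != FILL);
    return n;
}

int main(void) {
    /* Caller owns 16 bytes but declares 32. */
    printf("header-only: stale=%zu clobbered=%zu\n",
           stale_bytes(create_header_only, 32), clobbered_bytes(create_header_only, 16, 32));
    printf("zero-all:    stale=%zu clobbered=%zu\n",
           stale_bytes(create_zero_all, 32), clobbered_bytes(create_zero_all, 16, 32));
    return 0;
}
```

Header-only initialization leaves stale bytes but never writes past the header; zeroing the declared size removes the stale bytes but writes past the real buffer whenever the caller overstates its size.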