[Bug 20918] Many valgrind warnings in advapi32/crypt tests in test_incorrect_api_usage()

wine-bugs at winehq.org wine-bugs at winehq.org
Sun Dec 6 17:42:55 CST 2009


http://bugs.winehq.org/show_bug.cgi?id=20918


Juan Lang <juan_lang at yahoo.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID




--- Comment #1 from Juan Lang <juan_lang at yahoo.com>  2009-12-06 17:42:55 ---
That's correct, this appears to be invalid.  For example,

 Invalid read of size 4
    at  CryptSetKeyParam (crypt.c:1961)
    by  test_incorrect_api_usage (crypt.c:250)

advapi32/crypt.c, line 1961:
    if (!key || !pbData || !key->pProvider || key->pProvider->dwMagic !=
MAGIC_CRYPTPROV)

That is, it dereferences key.  advapi32/tests/crypt.c, lines leading up to 250:
    result = pCryptDestroyKey(hKey2);
    ok (result, "%d\n", GetLastError());

    dwTemp = CRYPT_MODE_ECB;    
    result = pCryptSetKeyParam(hKey2, KP_MODE, (BYTE*)&dwTemp, sizeof(DWORD));

That is, the key has been destroyed just prior to calling CryptSetKeyParam on
it.  Finally, in CryptDestroyKey:
    ret = prov->pFuncs->pCPDestroyKey(prov->hPrivate, key->hPrivate);
    CRYPT_Free(key);

key is a pointer, rather than a handle, and it's been freed.  So the read is
invalid, as expected.

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.



More information about the wine-bugs mailing list