[Bug 20317] New: Uninitialised memory reference in SetEntriesInAclW()

wine-bugs at winehq.org wine-bugs at winehq.org
Sat Oct 10 22:21:32 CDT 2009


http://bugs.winehq.org/show_bug.cgi?id=20317

           Summary: Uninitialised memory reference in SetEntriesInAclW()
           Product: Wine
           Version: 1.1.31
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Keywords: download, patch, source
          Severity: normal
          Priority: P2
         Component: advapi32
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: dank at kegel.com


Once you are past bug 20303 and bug 20315, the commands

cd dlls/advapi32/tests
/usr/local/valgrind-10896/bin/valgrind --trace-children=yes --track-origins=yes \
    --workaround-gcc296-bugs=yes ~/wine-git/wine advapi32_test.exe.so security.c

produce the valgrind warning

Conditional jump or move depends on uninitialised value(s)
   at RtlAllocateHeap (heap.c:1373)
   by HeapAlloc (heap.c:276)
   by GlobalAlloc (heap.c:361)
   by LocalAlloc (heap.c:961)
   by SetEntriesInAclW (security.c:3568)
   by test_SetEntriesInAcl (security.c:2583)
 Uninitialised value was created by a client request
   at mark_block_uninitialized (heap.c:187)
   by RtlAllocateHeap (heap.c:1429)
   by SetEntriesInAclW (security.c:3471)
   by test_SetEntriesInAcl (security.c:2583)

(so the amount of memory being allocated is undefined!)
It seems the ppsid memory block is not fully initialized,
since the change

--- a/dlls/advapi32/security.c
+++ b/dlls/advapi32/security.c
@@ -3468,7 +3468,7 @@ DWORD WINAPI SetEntriesInAclW( ULONG count,
PEXPLICIT_ACCESSW pEntries,
         return ERROR_SUCCESS;

     /* allocate array of maximum sized sids allowed */
-    ppsid = HeapAlloc(GetProcessHeap(), 0, count * (sizeof(SID *) +
FIELD_OFFSET(SID, SubAuthority[SID_MAX_SUB_AUTHORITIES])));
+    ppsid = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, count * (sizeof(SID
*) + FIELD_OFFSET(SID, SubAuthority[SID_MAX_SUB_AUTHORITIES])));
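
Review bot: on the changed HeapAlloc line, HEAP_ZERO_MEMORY makes the later read defined without showing that the value read is correct. The valgrind trace ties the uninitialised value from this block to the LocalAlloc call at security.c:3568, which the report reads as an undefined allocation size, so after this change that size would be computed from zero bytes wherever ppsid was never written. That silences valgrind but can still yield a wrong size. Suggest identifying which part of the block is read before it is written and handling that case explicitly ahead of the size computation instead of zero-filling; if zero-filling is kept, add a comment naming the fields that rely on it. Separately, the count * (sizeof(SID *) + FIELD_OFFSET(...)) product has no overflow check in the visible lines.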

makes the warning go away.
