possible NULL dereference?
Joris Huizer
joris_huizer at yahoo.com
Thu Apr 9 05:33:39 CDT 2009
--- On Thu, 4/9/09, Paul Vriens <paul.vriens.wine at gmail.com> wrote:
> From: Paul Vriens <paul.vriens.wine at gmail.com>
> Subject: Re: possible NULL dereference?
> To: "Joris Huizer" <joris_huizer at yahoo.com>
> Cc: wine-devel at winehq.org
> Date: Thursday, April 9, 2009, 7:53 AM
> Joris Huizer wrote:
> > Looking at git commit dcb3e52e2dfd0d6e494164932fb2b684d463a005, it seems passing
> > a NULL size pointer to GetUserNameEx[AW] is likely to crash.
> > You may want to test whether Windows versions crash on it, and check for it if needed.
> >
> > HTH, Joris
> >
> There is also another one (mentioned by Coverity) where
> passing a NULL lpNameBuffer and a big enough nSize will
> crash. I tested that one on W2K3 and this also crashes on
> W2K3.
>
> I didn't test the NULL nSize however.
>
> If time permits I'll add some tests and comments in the
> case of crashes. If somebody wants to beat me to
> it, be my guest.
>
> Out of curiosity, did you find this by visual inspection?
>
> -- Cheers,
>
> Paul.
>
Yeah, I just noticed this while skimming through; now and then I look at the latest changes on git.
I assume Coverity doesn't complain, as it noticed you don't test the nSize pointer in any code path, so it assumes you know what you're doing.
That seems like a general problem: if it could pick up the WINAPI flag (explicitly different calling convention) and realize every argument is suspect, it would find all such problems as well. Such behavior would be desirable for library functions in general, except that different projects are likely to have very different requirements about when a function is a library function to be treated like that.
Specifying "what is a library function" might already be supported or perhaps it could be requested as a generally useful feature?
regards,
Joris
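As an added illustration (not Wine's or Windows' code, and not the behaviour Paul tested on W2K3), a constructed C model of a GetUserNameEx-style call that validates both pointer arguments the thread mentions before touching them; the error codes, the order of the checks and the sample name are assumptions of the model.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model of a GetUserNameEx-style API (not Wine's or Windows'
 * implementation): the caller passes a buffer and a pointer to its size in
 * characters; on success the size is updated to the length written. */

typedef int BOOL;
#define FALSE 0
#define TRUE 1

/* Assumed error codes for the model. */
enum { ERR_NONE = 0, ERR_INVALID_PARAMETER = 87, ERR_MORE_DATA = 234 };

static int g_last_error = ERR_NONE;
static const char MODEL_NAME[] = "user@example.test"; /* constructed sample */

int model_get_last_error(void) { return g_last_error; }

/* Returns TRUE on success. Both NULL-pointer cases from the thread are
 * rejected up front instead of being dereferenced; this is the model's
 * assumed policy, not a claim about what Windows does. */
BOOL model_get_user_name_ex(char *buf, unsigned long *size)
{
    unsigned long needed = (unsigned long)strlen(MODEL_NAME) + 1;

    if (size == NULL) {                 /* NULL size pointer: check before *size */
        g_last_error = ERR_INVALID_PARAMETER;
        return FALSE;
    }
    if (*size < needed) {               /* too small: report the required size */
        *size = needed;
        g_last_error = ERR_MORE_DATA;
        return FALSE;
    }
    if (buf == NULL) {                  /* NULL buffer with a "big enough" nSize */
        g_last_error = ERR_INVALID_PARAMETER;
        return FALSE;
    }
    memcpy(buf, MODEL_NAME, needed);
    *size = needed - 1;                 /* characters written, excluding NUL */
    g_last_error = ERR_NONE;
    return TRUE;
}
```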