[ros-kernel] Possible SECURITY_DESCRIPTOR cache problem
xnavara at volny.cz
Sat Aug 28 23:54:37 CEST 2004
Filip Navara wrote:
> I have a method to reproduce such (or very similar) crash every time.
> I'll write about it more tomorrow.
I take that back. I found out the cause of the crash I was seeing and
it's different from the crash Mike had. My stack trace:
io/create.c:358 - IoCreateFile
ob/object.c:457 - ObCreateObject
se/semgr.c:382 - SeAssignSecurity
se/sid.c:567 - RtlLengthSid
Now if you look at CreateToolhelp32Snapshot you'll see the function is
(ignoring that the code is completely wrong) not initializing the
OBJECT_ATTRIBUTES structure, and the security descriptor pointer
(uninitialized memory) is then passed to CreateFile -> NtCreateFile ->
... resulting in an obvious crash when accessing it.
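The failure path described in the message, as an added host-side example that is not ReactOS code and not from the poster. The NT-style types are trimmed stand-ins for SID, SECURITY_DESCRIPTOR and OBJECT_ATTRIBUTES; the InitializeObjectAttributes macro mirrors the real one's field assignments; RtlLengthSid uses the real header-plus-sub-authorities arithmetic; SeAssignSecurityModel, ValidateObjectAttributes, the Length check and the 0xCC fill that stands in for whatever garbage the uninitialized stack slot held are all constructed for this example.

```c
/* Added example, not ReactOS code.  Models why an uninitialized
 * OBJECT_ATTRIBUTES reaches SeAssignSecurity -> RtlLengthSid with a garbage
 * SecurityDescriptor pointer, and the Length gate that stops it. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Trimmed stand-ins for the NT structures (assumed layouts, not the SDK's). */
typedef struct { uint8_t Revision; uint8_t SubAuthorityCount;
                 uint8_t IdentifierAuthority[6]; uint32_t SubAuthority[2]; } SID;
typedef struct { uint8_t Revision; uint8_t Sbz1; uint16_t Control;
                 SID *Owner; SID *Group; void *Sacl; void *Dacl; } SECURITY_DESCRIPTOR;
typedef struct { uint32_t Length; void *RootDirectory; void *ObjectName;
                 uint32_t Attributes; SECURITY_DESCRIPTOR *SecurityDescriptor;
                 void *SecurityQualityOfService; } OBJECT_ATTRIBUTES;

#define STATUS_SUCCESS           0x00000000u
#define STATUS_INVALID_PARAMETER 0xC000000Du

/* Same field assignments as the real macro: this is the step the buggy
 * CreateToolhelp32Snapshot skipped. */
#define InitializeObjectAttributes(p, n, a, r, s) do {            \
    (p)->Length = sizeof(OBJECT_ATTRIBUTES); (p)->RootDirectory = (r); \
    (p)->Attributes = (a); (p)->ObjectName = (n);                      \
    (p)->SecurityDescriptor = (s); (p)->SecurityQualityOfService = NULL; \
} while (0)

/* Header plus one DWORD per sub-authority; dereferences Sid, so a garbage
 * pointer crashes exactly here, as in the posted trace. */
uint32_t RtlLengthSid(const SID *Sid)
{
    return (uint32_t)(offsetof(SID, SubAuthority) + Sid->SubAuthorityCount * sizeof(uint32_t));
}

/* Constructed gate: an OBJECT_ATTRIBUTES that never went through
 * InitializeObjectAttributes will almost never carry the right Length. */
uint32_t ValidateObjectAttributes(const OBJECT_ATTRIBUTES *Oa)
{
    if (Oa == NULL || Oa->Length != sizeof(OBJECT_ATTRIBUTES))
        return STATUS_INVALID_PARAMETER;
    return STATUS_SUCCESS;
}

/* Constructed model of the SeAssignSecurity step: take the owner SID from the
 * caller's descriptor when one is supplied, else from the token default, then size it. */
uint32_t SeAssignSecurityModel(const OBJECT_ATTRIBUTES *Oa, const SID *TokenDefaultOwner,
                               uint32_t *OwnerLength)
{
    uint32_t status = ValidateObjectAttributes(Oa);
    if (status != STATUS_SUCCESS)
        return status;
    const SID *owner = TokenDefaultOwner;
    if (Oa->SecurityDescriptor != NULL && Oa->SecurityDescriptor->Owner != NULL)
        owner = Oa->SecurityDescriptor->Owner;   /* only reached with a sane structure */
    *OwnerLength = RtlLengthSid(owner);
    return STATUS_SUCCESS;
}

/* Constructed token default owner with two sub-authorities (S-1-5-32-544 shape). */
static const SID g_DefaultOwner = { 1, 2, {0, 0, 0, 0, 0, 5}, {32, 544} };

/* Correct caller: attributes initialized, no explicit SD, defaults used. Returns 16. */
uint32_t CorrectCaller(void)
{
    OBJECT_ATTRIBUTES oa; uint32_t len = 0;
    InitializeObjectAttributes(&oa, NULL, 0, NULL, NULL);
    return SeAssignSecurityModel(&oa, &g_DefaultOwner, &len) == STATUS_SUCCESS ? len : 0;
}

/* Correct caller supplying its own SD with a one-sub-authority owner. Returns 12. */
uint32_t ExplicitSdCaller(void)
{
    SID owner = { 1, 1, {0, 0, 0, 0, 0, 5}, {18, 0} };
    SECURITY_DESCRIPTOR sd = { 1, 0, 0, &owner, NULL, NULL, NULL };
    OBJECT_ATTRIBUTES oa; uint32_t len = 0;
    InitializeObjectAttributes(&oa, NULL, 0, NULL, &sd);
    return SeAssignSecurityModel(&oa, &g_DefaultOwner, &len) == STATUS_SUCCESS ? len : 0;
}

/* The buggy caller from the post, made deterministic: 0xCC fill stands in for
 * leftover stack contents (constructed; real garbage varies). Returns
 * STATUS_INVALID_PARAMETER instead of dereferencing 0xCCCC...CC. */
uint32_t UninitializedCaller(void)
{
    OBJECT_ATTRIBUTES oa; uint32_t len = 0;
    memset(&oa, 0xCC, sizeof(oa));
    return SeAssignSecurityModel(&oa, &g_DefaultOwner, &len);
}

int main(void)
{
    printf("default owner length: %u\n", CorrectCaller());
    printf("explicit owner length: %u\n", ExplicitSdCaller());
    printf("uninitialized caller status: 0x%08X\n", UninitializedCaller());
    return 0;
}
```

Without the Length gate, UninitializedCaller would reach RtlLengthSid with whatever pointer the stack slot held, which is the crash in the trace; with it, the bad caller is rejected before any security-descriptor memory is touched, and the fix on the caller side is simply the missing InitializeObjectAttributes.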