[ros-dev] Strategy for invalid parameters

Alex Ionescu ionucu at videotron.ca
Tue Jan 10 07:00:21 CET 2006


M Bealby wrote:

>I was just taking a look at some ReactOS code this evening and it got
>me thinking about what our general strategy for handling invalid
>parameters is.
>
>For example, in kernel32.dll there is a function DebugBreakProcess.
>This function takes one parameter, a process handle.
>
>This parameter is passed through the following list of functions
>unchecked by any of them, until the final one will return a failure...
>
>DebugBreakProcess
>  
>
Adding the check here means that if someone calls the Native API 
directly the check is skipped, and this the one in the win32 api is useless.

>DbgUiIssueRemoteBreakIn
>  
>
Adding the check here cuts the problem short, but now it means every API 
that uses a process handle now needs to check the parameter, thus adding 
thousands of lines of duplicated code. The same argument goes for the 
ones below

>RtlCreateUserThread
>RtlpCreateUserStack
>ZwAllocateVirtualMemory
>  
>
Since process handles are the responsability of the object manager, it 
is the lowest place and the only place that should report this failure. 
Rtl code shouldn't make assumptions about what is a valid handle and 
what is not. If one day a new object manager is created which uses 
negative handles as correct handles, and the 0 handle as "Current 
process" handle, then thousands of lines of code woul dhave to be 
changed. By leaving the responsability of determing what is and what 
isn't a valid handle to the object manager itself, this keeps the kernel 
componentized and mostly independent.

>ObReferenceObjectByHandle
>
>  
>
Best regards,
Alex Ionescu



More information about the Ros-dev mailing list