[ros-diffs] [fireball] 25332: Dmitry G. Gorbachev (hto at mail cnt dot ru): NtOpenKey() calls ObpCaptureObjectAttributes() which can return null ObjectName. Then null pointer used in if (ObjectName.Buffer[(ObjectName.Length / sizeof(WCHAR)) - 1] == '\\') which leads to a crash.
fireball at svn.reactos.org
fireball at svn.reactos.org
Sat Jan 6 20:14:42 CET 2007
Author: fireball
Date: Sat Jan 6 22:14:41 2007
New Revision: 25332
URL: http://svn.reactos.org/svn/reactos?rev=25332&view=rev
Log:
Dmitry G. Gorbachev (hto at mail cnt dot ru):
NtOpenKey() calls ObpCaptureObjectAttributes() which can return null
ObjectName.
Then null pointer used in
if (ObjectName.Buffer[(ObjectName.Length / sizeof(WCHAR)) - 1] == '\\')
which leads to a crash.
Modified:
trunk/reactos/ntoskrnl/cm/ntfunc.c
Modified: trunk/reactos/ntoskrnl/cm/ntfunc.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/cm/ntfunc.c?rev=25332&r1=25331&r2=25332&view=diff
==============================================================================
--- trunk/reactos/ntoskrnl/cm/ntfunc.c (original)
+++ trunk/reactos/ntoskrnl/cm/ntfunc.c Sat Jan 6 22:14:41 2007
@@ -1367,7 +1367,8 @@
return Status;
}
- if (ObjectName.Buffer[(ObjectName.Length / sizeof(WCHAR)) - 1] == '\\')
+ if (ObjectName.Buffer &&
+ ObjectName.Buffer[(ObjectName.Length / sizeof(WCHAR)) - 1] == '\\')
{
ObjectName.Buffer[(ObjectName.Length / sizeof(WCHAR)) - 1] = UNICODE_NULL;
ObjectName.Length -= sizeof(WCHAR);
More information about the Ros-diffs
mailing list